Evolving Kibana’s authorization model

Kibana authorization model was built in a much simpler time. Our needs are growing more sophisticated by the day, and our authorization model has not kept pace with the needs of our solutions.

As a result of these limitations, solution teams have had to implement their own RBAC using our security primitives, which weren’t originally designed for such broad consumption. We need to evolve our security model so that solution teams don’t need to write their own authorization logic.

Known usages of custom authorization:

Potential future usages of custom authorization:

  • Alerts
  • Notifications
  • Scheduled reports
  • Background searches?

Read more here: Source link