[EDR Workflows] Workflow Insights - Change update api RBAC #210637
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
szwarckonrad
added
release_note:skip
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]
History
|
|
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
joeypoon
approved these changes
Feb 12, 2025
tomsonpl
approved these changes
Feb 12, 2025
joeypoon
approved these changes
Feb 13, 2025
|
Starting backport for target branches: 9.0 |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Feb 13, 2025
…10637) This PR addresses an issue where users with read privilege to insights were unable to successfully complete a remediation path due to the inability to mark an insight as remediated at the final step. With this change, we adjust the required permissions for interacting with the update API from writeWorkflowInsights to readWorkflowInsights. The rationale behind this is that writeWorkflowInsights should signify the ability to trigger new scans for insights, while readWorkflowInsights should be sufficient for addressing found issues without the option to generate new ones. https://github.com/user-attachments/assets/8c1af654-d9e4-40d7-8718-1388677e8d46 (cherry picked from commit f4365f6)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Feb 13, 2025
…0637) (#211039) # Backport This will backport the following commits from `main` to `9.0`: - [[EDR Workflows] Workflow Insights - Change update api RBAC (#210637)](#210637) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Konrad Szwarc","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-02-13T16:14:51Z","message":"[EDR Workflows] Workflow Insights - Change update api RBAC (#210637)\n\nThis PR addresses an issue where users with read privilege to insights\nwere unable to successfully complete a remediation path due to the\ninability to mark an insight as remediated at the final step.\n\nWith this change, we adjust the required permissions for interacting\nwith the update API from writeWorkflowInsights to readWorkflowInsights.\nThe rationale behind this is that writeWorkflowInsights should signify\nthe ability to trigger new scans for insights, while\nreadWorkflowInsights should be sufficient for addressing found issues\nwithout the option to generate new ones.\n\n\nhttps://github.com/user-attachments/assets/8c1af654-d9e4-40d7-8718-1388677e8d46","sha":"f4365f6e8999c311335af87db60a6b378f8f4ed2","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend Workflows","backport:version","v9.1.0"],"title":"[EDR Workflows] Workflow Insights - Change update api RBAC","number":210637,"url":"https://github.com/elastic/kibana/pull/210637","mergeCommit":{"message":"[EDR Workflows] Workflow Insights - Change update api RBAC (#210637)\n\nThis PR addresses an issue where users with read privilege to insights\nwere unable to successfully complete a remediation path due to the\ninability to mark an insight as remediated at the final step.\n\nWith this change, we adjust the required permissions for interacting\nwith the update API from writeWorkflowInsights to readWorkflowInsights.\nThe rationale behind this is that writeWorkflowInsights should signify\nthe ability to trigger new scans for insights, while\nreadWorkflowInsights should be sufficient for addressing found issues\nwithout the option to generate new ones.\n\n\nhttps://github.com/user-attachments/assets/8c1af654-d9e4-40d7-8718-1388677e8d46","sha":"f4365f6e8999c311335af87db60a6b378f8f4ed2"}},"sourceBranch":"main","suggestedTargetBranches":["9.0"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/210637","number":210637,"mergeCommit":{"message":"[EDR Workflows] Workflow Insights - Change update api RBAC (#210637)\n\nThis PR addresses an issue where users with read privilege to insights\nwere unable to successfully complete a remediation path due to the\ninability to mark an insight as remediated at the final step.\n\nWith this change, we adjust the required permissions for interacting\nwith the update API from writeWorkflowInsights to readWorkflowInsights.\nThe rationale behind this is that writeWorkflowInsights should signify\nthe ability to trigger new scans for insights, while\nreadWorkflowInsights should be sufficient for addressing found issues\nwithout the option to generate new ones.\n\n\nhttps://github.com/user-attachments/assets/8c1af654-d9e4-40d7-8718-1388677e8d46","sha":"f4365f6e8999c311335af87db60a6b378f8f4ed2"}}]}] BACKPORT--> Co-authored-by: Konrad Szwarc <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR addresses an issue where users with read privilege to insights were unable to successfully complete a remediation path due to the inability to mark an insight as remediated at the final step.
With this change, we adjust the required permissions for interacting with the update API from writeWorkflowInsights to readWorkflowInsights. The rationale behind this is that writeWorkflowInsights should signify the ability to trigger new scans for insights, while readWorkflowInsights should be sufficient for addressing found issues without the option to generate new ones.
Screen.Recording.2025-02-12.at.10.22.11.mov