[SIEM][Detection Engine][Lists] Adds list permissions (#72335)

## Summary

* Adds list permissions as a feature control to SIEM.
* Splits the control into two tags: `access:lists-all` and `access:lists-read`.
* Grants SIEM the ability to utilize both depending on which feature mode the space is in.
Frank Hassanabad 2020-07-20 11:00:59 -06:00 committed by GitHub
parent afae94a85e
commit 8a4daffcfd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
35 changed files with 50 additions and 36 deletions


@ -21,7 +21,7 @@ export const createEndpointListItemRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: ENDPOINT_LIST_ITEM_URL,
validate: {
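Review bot: The privilege tag is a bare string literal, `tags: ['access:lists-all']`, and the same literal (or `'access:lists-read'`) is repeated in every other route file this commit touches, so the compiler cannot catch a typo in any one of them. I would define the two tags once as shared constants (for example `const LISTS_ALL_TAG = 'access:lists-all'`, name illustrative) and reference them from each route. None of the 35 changed files appears to be a test, so a check that a read-only user is rejected by the create, update, patch, delete and import routes would also be worth adding. The route definition continues outside the hunk.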


@ -26,7 +26,7 @@ export const createEndpointListRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: ENDPOINT_LIST_URL,
validate: false,


@ -22,7 +22,7 @@ export const createExceptionListItemRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_ITEM_URL,
validate: {


@ -21,7 +21,7 @@ export const createExceptionListRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_URL,
validate: {


@ -17,7 +17,7 @@ export const createListIndexRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_INDEX,
validate: false,


@ -17,7 +17,7 @@ export const createListItemRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_ITEM_URL,
validate: {


@ -17,7 +17,7 @@ export const createListRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_URL,
validate: {


@ -21,7 +21,7 @@ export const deleteEndpointListItemRoute = (router: IRouter): void => {
router.delete(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: ENDPOINT_LIST_ITEM_URL,
validate: {


@ -21,7 +21,7 @@ export const deleteExceptionListItemRoute = (router: IRouter): void => {
router.delete(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_ITEM_URL,
validate: {


@ -21,7 +21,7 @@ export const deleteExceptionListRoute = (router: IRouter): void => {
router.delete(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_URL,
validate: {


@ -33,7 +33,7 @@ export const deleteListIndexRoute = (router: IRouter): void => {
router.delete(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_INDEX,
validate: false,


@ -17,7 +17,7 @@ export const deleteListItemRoute = (router: IRouter): void => {
router.delete(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_ITEM_URL,
validate: {


@ -17,7 +17,7 @@ export const deleteListRoute = (router: IRouter): void => {
router.delete(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_URL,
validate: {


@ -18,7 +18,7 @@ export const exportListItemRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: `${LIST_ITEM_URL}/_export`,
validate: {
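Review bot: This is the only route in the commit where a `router.post` handler gets the read-level tag, `tags: ['access:lists-read']`, and nothing in the hunk explains why. If export only reads list items (inferred from the `_export` path, since the handler body is outside the hunk), a comment above the tag would document the intent, for example `// export does not modify list data, so read access is sufficient despite the POST verb`. That keeps a later reader from copying the pattern onto a POST route that does write.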


@ -21,7 +21,7 @@ export const findEndpointListItemRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: `${ENDPOINT_LIST_ITEM_URL}/_find`,
validate: {


@ -21,7 +21,7 @@ export const findExceptionListItemRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: `${EXCEPTION_LIST_ITEM_URL}/_find`,
validate: {


@ -21,7 +21,7 @@ export const findExceptionListRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: `${EXCEPTION_LIST_URL}/_find`,
validate: {


@ -22,7 +22,7 @@ export const findListItemRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: `${LIST_ITEM_URL}/_find`,
validate: {


@ -18,7 +18,7 @@ export const findListRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: `${LIST_URL}/_find`,
validate: {


@ -26,7 +26,7 @@ export const importListItemRoute = (router: IRouter, config: ConfigType): void =
maxBytes: config.maxImportPayloadBytes,
parse: false,
},
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: `${LIST_ITEM_URL}/_import`,
validate: {


@ -17,7 +17,7 @@ export const patchListItemRoute = (router: IRouter): void => {
router.patch(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_ITEM_URL,
validate: {


@ -17,7 +17,7 @@ export const patchListRoute = (router: IRouter): void => {
router.patch(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_URL,
validate: {


@ -21,7 +21,7 @@ export const readEndpointListItemRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: ENDPOINT_LIST_ITEM_URL,
validate: {


@ -21,7 +21,7 @@ export const readExceptionListItemRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: EXCEPTION_LIST_ITEM_URL,
validate: {


@ -21,7 +21,7 @@ export const readExceptionListRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: EXCEPTION_LIST_URL,
validate: {


@ -17,7 +17,7 @@ export const readListIndexRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: LIST_INDEX,
validate: false,


@ -17,7 +17,7 @@ export const readListItemRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: LIST_ITEM_URL,
validate: {


@ -17,7 +17,7 @@ export const readListRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: LIST_URL,
validate: {


@ -20,7 +20,7 @@ export const readPrivilegesRoute = (
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: LIST_PRIVILEGES_URL,
validate: false,


@ -21,7 +21,7 @@ export const updateEndpointListItemRoute = (router: IRouter): void => {
router.put(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: ENDPOINT_LIST_ITEM_URL,
validate: {


@ -21,7 +21,7 @@ export const updateExceptionListItemRoute = (router: IRouter): void => {
router.put(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_ITEM_URL,
validate: {


@ -21,7 +21,7 @@ export const updateExceptionListRoute = (router: IRouter): void => {
router.put(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_URL,
validate: {


@ -17,7 +17,7 @@ export const updateListItemRoute = (router: IRouter): void => {
router.put(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_ITEM_URL,
validate: {


@ -17,7 +17,7 @@ export const updateListRoute = (router: IRouter): void => {
router.put(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_URL,
validate: {


@ -167,7 +167,14 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
all: {
app: [...securitySubPlugins, 'kibana'],
catalogue: ['securitySolution'],
api: ['securitySolution', 'actions-read', 'actions-all', 'alerting-read', 'alerting-all'],
api: [
'securitySolution',
'actions-read',
'actions-all',
'alerting-read',
'alerting-all',
'lists-all',
],
savedObject: {
all: [
'alert',
@ -195,7 +202,14 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
read: {
app: [...securitySubPlugins, 'kibana'],
catalogue: ['securitySolution'],
api: ['securitySolution', 'actions-read', 'actions-all', 'alerting-read', 'alerting-all'],
api: [
'securitySolution',
'actions-read',
'actions-all',
'alerting-read',
'alerting-all',
'lists-read',
],
savedObject: {
all: ['alert', 'action', 'action_task_params'],
read: [
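Review bot: In the first hunk the `all` privilege's `api` array gains `'lists-all'` but not `'lists-read'`, while the read, find, export and privileges routes in this commit are tagged `access:lists-read`. The same array lists both `'actions-read'` and `'actions-all'`, which suggests API privileges are matched by name rather than as a hierarchy; if so, a user with full access would be denied on the read-only list routes. Unless the platform expands `-all` to cover `-read`, add `'lists-read',` after `'lists-all',` in the `all` block. The `read` block also carries `'actions-all'` and `'alerting-all'` over from the old line, which is worth confirming as intended for a read-only privilege. The privilege object begins and ends outside both hunks.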