Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Request]: [SLOs] Update SLO privilege model docs #4229

Closed
dominiqueclarke opened this issue Sep 6, 2024 · 5 comments · Fixed by #4300
Closed

[Request]: [SLOs] Update SLO privilege model docs #4229

dominiqueclarke opened this issue Sep 6, 2024 · 5 comments · Fixed by #4300
Assignees
@eedugon
Labels
💝 community Request

Comments

@dominiqueclarke
Copy link
Contributor

What documentation page is affected

https://www.elastic.co/guide/en/observability/current/slo-privileges.html

What change would you like to see?

The SLO privilege model was updated for 8.16.0.

In particular, there is no longer a requirement for SLO editor users to have cluster privileges manage_transform and manage_ingest_pipelines.

Additionally, the correct index privileges were added to the Observability editor role. Therefore, users can now choose to either use the editor role or create a custom role to grant index privileges to SLO users.

The required index privileges are as follows

Editor user

.slo-observability-*: `read`, `view_index_metadata`, `write`, `manage`

Viewer user

.slo-observability-*: `read`, `view_index_metadata`

### Additional info

_No response_
@eedugon eedugon self-assigned this Sep 24, 2024
@eedugon
Copy link
Contributor

eedugon commented Sep 25, 2024
edited
Loading

Proposed changes to the doc (already working on them):

  • Change the names of the roles (SLO All and SLO Read) to SLO Editor and SLO Viewer.
  • Update the permissions needed for both types of roles to match the new values.
  • Update screenshots.

Add the information about the editor built-in role being another option to grant SLO Editor permissions to the users.

Any thoughts?

@eedugon eedugon mentioned this issue Sep 25, 2024
Merged
10 tasks
@eedugon
Copy link
Contributor

eedugon commented Sep 25, 2024

PR draft started here: #4300

@eedugon
Copy link
Contributor

eedugon commented Sep 25, 2024

@dominiqueclarke , would we need to update anything in the serverless documentation related with this issue?

Based on the doc https://www.elastic.co/docs/current/serverless/observability/create-an-slo it's mentioned that The Admin role or higher is required to create SLOs., so I would say we don't need to change anything at Serverless documentation side.

By the way, is the previous statement accurate for serverless? Shouldn't Editor be enough based on the explanations from https://www.elastic.co/docs/current/serverless/general/assign-user-roles#observability ? (sorry for the offtopic).

@dominiqueclarke
Copy link
Contributor Author

@eedugon

is the previous statement accurate for serverless? Shouldn't Editor be enough based on the explanations from

You are correct. We should update the serverless docs to mention The Editor role or higher is required to create SLOs, rather than Admin.

@eedugon
Copy link
Contributor

eedugon commented Oct 14, 2024

thanks @dominiqueclarke : I have updated also the serverless doc in the mentioned PR

@mergify mergify bot mentioned this issue Oct 16, 2024
Merged
10 tasks
@mergify mergify bot mentioned this issue Nov 7, 2024
Merged
10 tasks
@eedugon eedugon mentioned this issue Dec 11, 2024
Open
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eedugon eedugon

Labels
💝 community Request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

SLO roles privileges changed eedugon/observability-docs
2 participants
@dominiqueclarke @eedugon