Rule Extension or component rule

driveirk · March 22, 2024, 8:12pm

I have a problem, maybe you can come up with a better solution than I came up with.
I have ldap and 3 user groups:
ROR rules:
[user, elevated_user, admin]

I have a new group of people who can only see index A, group A
ROR rules:
[user_a, elevated_user_a, user, elevated_user, admin]

A second group appears, which sees only index B, group B
ROR rules:
[user_a,b , elevated_user_a,b, user_a, elevated_user_a, user_b, elevated_user_b, user, elevated_user, admin]

As you can see, the number of ACL rules is growing very quickly.
I tried doing this:

    - name: "index list"
      users: ["user"]
      ldap_authentication:
        name: "ldap"
      indices: ["*:*logs-A*"]

   - name: "Allow Kibana and regular indices access for AD users in ACL-APP-Kibana-Elevated Users"
      type: allow
      ldap_authentication:
        name: "ldap"
      ldap_authorization:
        name: "ldap"
        groups: ["elevated"]
      kibana_access: rw

But this option didn’t work for me. Maybe you know how to make sure that my ror config doesn’t take up several hundred megabytes?

{“customer_id”: “6c4a385b-2ae8-4f02-a9cd-ef24addfb5b3”, “subscription_id”: “32d4073f-dc2f-4056-a868-842727c637cd”}

driveirk · March 22, 2024, 8:24pm

The difference between a regular user and an elevated one is the number of buttons in the kibank. Used kibana_hide_app

coutoPL · March 23, 2024, 3:57pm

I’m not sure I understand deeply what you are exactly trying to achieve.
However, we have analyzed a similar case (dynamic groups /from LDAP/ and mapping to indices) for one of our clients. We have prepared a demo based on our sandbox. Please take a look.

driveirk · March 25, 2024, 10:13am

This looks like what we need. I’ll try to test it.

coutoPL · April 18, 2024, 7:52pm

Can we close this one?