Configuring security for record editing

To allow end users to work with revisions, you must grant the Siren Investigate back-end user the following permissions:

  • Security must be configured for dataspace scoped indices by following the steps in Configuring security for shared indices.

  • Grant users the sic_user role, following the setup of the dataspace scoped indices, and set ACL ‘revise’ permission on entity tables to revise/create documents.

To grant ‘revise’ permission to a user, open the ACL permissions page of your saved object search from Management → Saved Objects → Entity tables and searches, and select the available options from the dropdown lists.

Saved Search ACL Revise Column

Limitations of legacy revision indices

Prior to Siren Investigate version 12.0, revision indices were not scoped to dataspaces and required extensive security permissions.

If you have legacy revision indices in your installation, then keep the security configuration as it is and they can continue to work as usual. However, the creation of new non-scoped revision indices is no longer supported.

Configuring an administrative user

To allow end users to work with revisions, the Siren Investigate back-end user must be granted the following permissions:

  • Full access to the indices that store revisions, for example, article_revised.

  • Permission to view the mappings for all indices that you want to enable revisions for, for example, article.

The following is an example of an investigate_system role definition for Elastic Stack Security that gives the back-end user full access to all index names that end in _revised. It also grants the permission to view the mappings of the article index:

{
  "cluster": [
    "cluster:internal/federate/*",
    "cluster:admin/federate/*",
    "cluster:monitor/*",
    "manage_index_templates"
  ],
  "indices": [
    {
      "names": [
        "/\\.siren.*/",
        "/siren-.*/",
        "/.*_revised/",
        "/watcher.*/",
        "/web-service-.*/"
      ],
      "privileges": [
        "all"
      ]
    },
    {
      "names": [
        "article"
      ],
      "privileges": [
        "view_index_metadata"
      ]
    }
  ]
}

The following is an analogous investigate_system role definition for Search Guard Classic:

investigate_system:
  cluster_permissions:
  - CLUSTER_COMPOSITE_OPS
  - CLUSTER_MANAGE
  - CLUSTER_MONITOR
  index_permissions:
  - index_patterns:
    - 'siren-*'
    # Grant the back-end user full access to all indices for which the name ends with "_revised".
    - '*_revised'
    - '?siren*'
    - '?map__*'
    - 'watcher*'
    - web-service-*
    allowed_actions:
    - INDICES_ALL
  # Grant the back-end user permission to read the mappings of every index pattern for which you want to enable revisions.
  - index_patterns:
    - 'article'
    allowed_actions:
    - VIEW_INDEX_METADATA

Configuring read access for end users

To allow end users to view the edited records, you must grant at least one of the associated roles read access to the indices where the revisions are stored.

The following is an investigate_user role definition for Elastic Stack security that grants read access to both the article index and the article_revised index.

{
  "cluster": [
    "cluster:internal/federate/*",
  ],
  "indices": [
    {
      "names": [
        "article",
        "article_revised",
      ],
      "privileges": [
        "read",
        "view_index_metadata"
      ]
    }
  ]
}

The following is an investigate_user role definition for Search Guard Classic that grants read access to both the article index and the article_revised index.

investigate_user:
  cluster_permissions:
  - CLUSTER_COMPOSITE_OPS_RO
  - CLUSTER_INTERNAL_FEDERATE
  index_permissions:
  - index_patterns:
    - 'article'
    - 'article_revised'
    allowed_actions:
    - READ
    - VIEW_INDEX_METADATA