Configuring security for record editing
To allow end users to work with revisions, you must grant the Siren Investigate back-end user the following permissions:
-
Security must be configured for dataspace scoped indices by following the steps in Configuring security for shared indices.
-
Grant users the
sic_user
role, following the setup of the dataspace scoped indices, and set ACL ‘revise’ permission on entity tables to revise/create documents.
To grant ‘revise’ permission to a user, open the ACL permissions page of your saved object search from Management → Saved Objects → Entity tables and searches, and select the available options from the dropdown lists.
Limitations of legacy revision indices
Prior to Siren Investigate version 12.0, revision indices were not scoped to dataspaces and required extensive security permissions.
If you have legacy revision indices in your installation, then keep the security configuration as it is and they can continue to work as usual. However, the creation of new non-scoped revision indices is no longer supported.
Configuring an administrative user
To allow end users to work with revisions, the Siren Investigate back-end user must be granted the following permissions:
-
Full access to the indices that store revisions, for example,
article_revised
. -
Permission to view the mappings for all indices that you want to enable revisions for, for example,
article
.
The following is an example of an investigate_system
role definition for Elastic Stack Security that gives the back-end user full access to all index names that end in _revised
. It also grants the permission to view the mappings of the article
index:
{
"cluster": [
"cluster:internal/federate/*",
"cluster:admin/federate/*",
"cluster:monitor/*",
"manage_index_templates"
],
"indices": [
{
"names": [
"/\\.siren.*/",
"/siren-.*/",
"/.*_revised/",
"/watcher.*/",
"/web-service-.*/"
],
"privileges": [
"all"
]
},
{
"names": [
"article"
],
"privileges": [
"view_index_metadata"
]
}
]
}
The following is an analogous investigate_system
role definition for Search Guard Classic:
investigate_system:
cluster_permissions:
- CLUSTER_COMPOSITE_OPS
- CLUSTER_MANAGE
- CLUSTER_MONITOR
index_permissions:
- index_patterns:
- 'siren-*'
# Grant the back-end user full access to all indices for which the name ends with "_revised".
- '*_revised'
- '?siren*'
- '?map__*'
- 'watcher*'
- web-service-*
allowed_actions:
- INDICES_ALL
# Grant the back-end user permission to read the mappings of every index pattern for which you want to enable revisions.
- index_patterns:
- 'article'
allowed_actions:
- VIEW_INDEX_METADATA
Configuring read access for end users
To allow end users to view the edited records, you must grant at least one of the associated roles read access to the indices where the revisions are stored.
The following is an investigate_user
role definition for Elastic Stack security that grants read access to both the article
index and the article_revised
index.
{
"cluster": [
"cluster:internal/federate/*",
],
"indices": [
{
"names": [
"article",
"article_revised",
],
"privileges": [
"read",
"view_index_metadata"
]
}
]
}
The following is an investigate_user
role definition for Search Guard Classic that grants read access to both the article
index and the article_revised
index.
investigate_user:
cluster_permissions:
- CLUSTER_COMPOSITE_OPS_RO
- CLUSTER_INTERNAL_FEDERATE
index_permissions:
- index_patterns:
- 'article'
- 'article_revised'
allowed_actions:
- READ
- VIEW_INDEX_METADATA