Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fine-grained access controls #460

Open
mmguero opened this issue Nov 5, 2024 · 0 comments
Open

fine-grained access controls #460

mmguero opened this issue Nov 5, 2024 · 0 comments
Labels
arkime Relating to Malcolm's use of Arkime enhancement New feature or request nginx Relating to Malcolm's use of nginx opensearch Relating to Malcolm's use of OpenSearch security Related to issues with bearing on the security of Malcolm itself
Milestone
z.staging

Comments

@mmguero
Copy link
Collaborator

mmguero commented Nov 5, 2024

@mmguero cloned issue idaholab/Malcolm#296 on 2023-11-21:

Malcolm doesn't currently have any kind of fine-grained access controls. In other words, if you're a logged in user you can pretty much do whatever all the other logged-in users can do.

This is a feature that will be important as the project gets bigger. But we have a few things to consider:

  • It needs to work with both basic auth and LDAP auth. How to specify permissions for both?
  • Arkime has permissions as well, so does OpenSearch/OpenSearch dashboards, how to overlay them in a consistent way?

This is a pretty big feature but would be of value. I think that, at least initially it should be pretty basic: basically something like the concept of a "read-only" user (can view all data, but not upload or write data) vs. a "read-write" user (can do both). It would be really nice if we could handle this entirely at the NGINX level in nginx.conf somehow, (see limit_except in this example).
@mmguero mmguero added arkime Relating to Malcolm's use of Arkime enhancement New feature or request nginx Relating to Malcolm's use of nginx opensearch Relating to Malcolm's use of OpenSearch security Related to issues with bearing on the security of Malcolm itself labels Nov 5, 2024
@mmguero mmguero mentioned this issue Nov 5, 2024
Closed
@mmguero mmguero added this to Malcolm Nov 5, 2024
@mmguero mmguero added this to the z.staging milestone Nov 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
arkime Relating to Malcolm's use of Arkime enhancement New feature or request nginx Relating to Malcolm's use of nginx opensearch Relating to Malcolm's use of OpenSearch security Related to issues with bearing on the security of Malcolm itself
Projects
Malcolm
Status: No status
Milestone
z.staging
Development

No branches or pull requests
1 participant
@mmguero