fine-grained access controls #296

Closed
mmguero opened this issue Nov 21, 2023 · 1 comment
Labels
arkime Relating to Malcolm's use of Arkime enhancement New feature or request nginx Relating to Malcolm's use of nginx opensearch Relating to Malcolm's use of OpenSearch security Related to issues with bearing on the security of Malcolm itself

Comments

@mmguero
Collaborator

mmguero commented Nov 21, 2023

Malcolm doesn't currently have any kind of fine-grained access controls. In other words, if you're a logged-in user you can pretty much do whatever all the other logged-in users can do.

This is a feature that will be important as the project gets bigger. But we have a few things to consider:

  • It needs to work with both basic auth and LDAP auth. How to specify permissions for both?
  • Arkime has permissions as well, and so does OpenSearch/OpenSearch Dashboards. How to overlay them in a consistent way?

This is a pretty big feature but would be of value. I think that, at least initially, it should be pretty basic: basically something like the concept of a "read-only" user (can view all data, but not upload or write data) vs. a "read-write" user (can do both). It would be really nice if we could handle this entirely at the NGINX level in nginx.conf somehow (see limit_except in this example).

@mmguero mmguero added enhancement New feature or request opensearch Relating to Malcolm's use of OpenSearch arkime Relating to Malcolm's use of Arkime nginx Relating to Malcolm's use of nginx security Related to issues with bearing on the security of Malcolm itself labels Nov 21, 2023
@mmguero mmguero added this to Malcolm Nov 21, 2023
@mmguero mmguero moved this to Todo (design) in Malcolm Nov 21, 2023
@mmguero mmguero added this to the z.staging milestone Jan 17, 2024
@mmguero mmguero modified the milestone: z.staging Aug 20, 2024
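
The read-only vs. read-write split proposed above, sketched with `limit_except` for the basic-auth case only. This is an added example, not part of the issue and not Malcolm's own nginx.conf; the listen port, upstream address, realm name and htpasswd file paths are assumptions.

```nginx
# Added example: method-based read-only / read-write split with basic auth.
# All names, ports and paths below are assumptions, not Malcolm's configuration.
events {}

http {
    upstream backend_app {
        server 127.0.0.1:8080;    # assumed backend service
    }

    server {
        listen 8443;

        location / {
            # Every request must authenticate against the full user list
            # (read-only and read-write users together).
            auth_basic           "restricted";
            auth_basic_user_file /etc/nginx/htpasswd.all;

            # Any method other than GET (allowing GET also allows HEAD) is
            # checked against the read-write list instead, so a user who is
            # only in htpasswd.all gets 401 on POST, PUT, DELETE and so on.
            # Read-write users must appear in both files.
            limit_except GET {
                auth_basic           "restricted";
                auth_basic_user_file /etc/nginx/htpasswd.readwrite;
            }

            proxy_pass http://backend_app;
        }
    }
}
```

A method-based split treats every POST as a write, so read-only users would also be refused searches that send their query in a POST body, which OpenSearch's `_search` API accepts. LDAP authentication, the other mode named in the issue, is not covered by this sketch.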
@mmguero
Collaborator Author

mmguero commented Nov 5, 2024

Kamino closed and cloned this issue to cisagov/Malcolm

@mmguero mmguero closed this as completed Nov 5, 2024
@github-project-automation github-project-automation bot moved this from Todo (design) to Done in Malcolm Nov 5, 2024
@mmguero mmguero moved this from Done to Migrated in Malcolm Nov 5, 2024