-
Notifications
You must be signed in to change notification settings - Fork 443
[RFC] Stage 0: Add user.is_privileged
boolean field
#2493
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
hop-dev
added a commit
to elastic/kibana
that referenced
this pull request
Jun 20, 2025
… (string) to `user.is_privileged` (boolean) (#224623) ## Summary We have [this RFC](elastic/ecs#2493) in, I think this is a safer bet and might save us a migration in the future: --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
mjwolf
approved these changes
Jun 23, 2025
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is good for RFC stage 0.
I've set this RFC to 0051.
For future RFC stages, there are a few more things to consider.
- What is a privileged user exactly? For example, it may not be just root, it can be a user with
wheel
or other similar groups. - In Linux, you can already use
user.effective.id
to see if the user is or has assumed root privilages, which holds similar info touser.is_privileged
- In Windows, is this set for all actions with an administrator account, or only actions with the elevated UAC permissions?
akowalska622
pushed a commit
to akowalska622/kibana
that referenced
this pull request
Jun 25, 2025
… (string) to `user.is_privileged` (boolean) (elastic#224623) ## Summary We have [this RFC](elastic/ecs#2493) in, I think this is a safer bet and might save us a migration in the future: --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This RFC proposes adding a new boolean field,
user.is_privileged
. It will explicitly flag when a user has elevated or administrative rights.