Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow user to search saved objects across Spaces #27003

Closed
jinmu03 opened this issue Dec 12, 2018 · 9 comments · Fixed by #67644
Closed

Allow user to search saved objects across Spaces #27003

jinmu03 opened this issue Dec 12, 2018 · 9 comments · Fixed by #67644
Assignees
Labels
enhancement New value added to drive a business result Feature:Security/Spaces Platform Security - Spaces feature loe:x-large Extra Large Level of Effort REASSIGN from Team:Core UI Deprecated label for old Core UI team Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@jinmu03
Copy link
Contributor

jinmu03 commented Dec 12, 2018

Search across spaces

Scope

MVP is only concerned with the _find operation for saved objects. All other APIs and operations will continue to be scoped to the user's current space.

Approach 1: Expose namespaces as a query parameter

  • /api/saved_objects/_find?type=index-pattern&namespaces=*
/_find OSS Spaces Security Spaces + Security
No namespaces specified no changes (search within default namespace) search within user's active space no changes (authorize operation globally: * resource) no changes: Spaces: search within user's active space Security: authorize operation against user's active space
namespaces=foo search within foo namespace. This isn't something we should normally do, however. search within foo space, instead of user's active space. Authorize operation against foo resource Spaces: search within foo space Security: authorize operation against foo resource
namespaces=foo,bar search within both foo and bar namespaces. search within foo and bar spaces, instead of user's active space Authorize operation against both foo and bar resources Spaces: search within foo and bar spaces Security: authorize operation against both foo and bar resources
namespaces=* Options:
  • reject operation
  • ignore parameter, search as if it wasn't specified
  • search across all namespaces
Steps:
  1. query for all spaces
  2. search within all available spaces instead of user's active space.
Authorize operation globally: * resource 1) query for all spaces where authorized to find the requested types 2) search within all authorized spaces instead of user's active space

Approach 2: Denote which APIs can support a multi-space operation:

  • /s/*/api/saved_objects/_find?foo=bar

Not currently exploring this option. We would require a way for routes to opt-into this behavior in a way that makes sense for OSS too. The only current mechanism is the tags route option, which isn't ideal.

Complications

  • Different saved objects can share an ID across spaces. How to resolve this?
    • If we can wait for Phase 3? of sharing saved objects between spaces, then this problem goes away
    • If not, then we can return these "duplicate" objects, but denote which namespaces they exist in.
@jinmu03 jinmu03 added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! enhancement New value added to drive a business result labels Dec 12, 2018
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security

@legrego legrego added the Feature:Security/Spaces Platform Security - Spaces feature label Dec 12, 2018
@AlonaNadler
Copy link

@bmcconaghy I believe it falls under the global search initiative

@bmcconaghy
Copy link
Contributor

Do you mean Global UI (or Core UI, we need to settle on a name). If so, then yes I think that saved objects will be on that team. We will need to coordinate any efforts with security as we will want to make sure that we enforce correct permissions. I guess I am wondering how exactly this will work, though. Will you be able to search any space you have permissions for from any other space?

@jinmu03
Copy link
Contributor Author

jinmu03 commented Jun 20, 2019

I'd say only allow users to search Spaces they have access to.

@AlonaNadler
Copy link

@Bill I can't find the issue, we also have the design mockups for that for a while, the idea is similar to mac spotlight where you can search for objects, applications or sub menus (index pattern) and navigate quickly. The objects will be based on the spaces the users have access to

@snide any recollection where is this issue?

@bmcconaghy
Copy link
Contributor

This seems like it will be confusing to users. If they can search for objects across spaces but only use objects in the space they are defined in, it will be a weird experience I think.

@AlonaNadler
Copy link

Currently if users have more than 1 space and they need to go to a specific dashboard in another space they need to:

  • switch to space A
  • go to dashboard application
  • search for dashboard B
  • open dashboard B

We can make it better for them, by providing quick navigation across all their applications and objects in Kibana. The right UI should show the relevant objects based on the term the users searched and explicitly call when these objects are in a different space.

@ryankeairns ryankeairns changed the title Allow user to search saved objects across Spaces [Global search] Allow user to search saved objects across Spaces Jan 28, 2020
@ryankeairns ryankeairns added the REASSIGN from Team:Core UI Deprecated label for old Core UI team label Jan 28, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-core-ui (Team:Core UI)

@ryankeairns
Copy link
Contributor

Related to #15019

@ryankeairns ryankeairns added the loe:x-large Extra Large Level of Effort label Jan 29, 2020
@ryankeairns ryankeairns changed the title [Global search] Allow user to search saved objects across Spaces Allow user to search saved objects across Spaces Feb 13, 2020
@legrego legrego self-assigned this Jun 4, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New value added to drive a business result Feature:Security/Spaces Platform Security - Spaces feature loe:x-large Extra Large Level of Effort REASSIGN from Team:Core UI Deprecated label for old Core UI team Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants