Skip to content

x-pack/filebeat/input/entityanalytics/provider/okta: add enrichment to obtain granted permissions #49779

Description

@chemamartinez

It is required to populate a new ECS field called user.entity.attributes.granted_permissions.

To get this from Okta entities, a new API call to the endpoint /api/v1/iam/roles/{roleId}/permissions is required.

This endpoint returns only explicit permissions from custom roles,

A two-step call would be needed: list user's roles (this is currently done with a configuration option), and for any custom role, fetch its permissions and add them to the output event along with their associated role.

It requires a new scope: okta.roles.read

Metadata

Metadata

Assignees

Type

No type
No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions