Document workflow execution permissions#7137
Conversation
Clarify which user context workflows run with and how scheduled workflow execution credentials are refreshed after edits. Co-authored-by: Cursor <cursoragent@cursor.com>
Elastic Docs AI PR menuCheck the box to run an AI review for this pull request.
Powered by GitHub Agentic Workflows and docs-actions. For more information, reach out to the docs team. |
Elastic Docs Style Checker (Vale)Summary: 1 warning found
|
| File | Line | Rule | Message |
|---|---|---|---|
| explore-analyze/workflows/authorization.md | 44 | Elastic.Spelling | 'auditability' is a possible misspelling. |
The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale.
Avoid implying workflow execution permissions control connector usage. Co-authored-by: Cursor <cursoragent@cursor.com>
Document the user context used by manual, scheduled, rule-triggered, and event-triggered workflow runs. Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
florent-leborgne
left a comment
There was a problem hiding this comment.
Very useful content thanks for drafting it! My main comment would be about making this a page rather than a section on the concepts home page. WDYT?
|
Hey, @talboren 👋🏼 Thanks again for writing this up. I agree with all of Florent's feedback, including his recommendation to move this section to a dedicated page. In its current location, it's a bit obscured and doesn't quite fit the purpose of the "Workflow concepts" page which is to explain the basic units of workflows and direct users towards more details on them. The new page could cover what you've added in this PR and delve a bit deeper into the authorization model, for example, what the API key controls access to (Kibana and Elasticsearch resources), whether the key differs by deployment type (Stack vs Serverless), and how API keys are handled in certain scenarios (when someone leaves or changes their role's priv scope). If you're on board with this, I'm happy to pull this PR down and contribute. I'd just need to clarify a few details before doing so. |
Add a dedicated workflow execution permissions page and link to it from trigger and context reference docs. Co-authored-by: Cursor <cursoragent@cursor.com>
Name the stored API key behavior and tighten execution permissions cross-links. Co-authored-by: Cursor <cursoragent@cursor.com>
|
Hey, @talboren 👋🏼 I incorporated the notes from our meeting and updated the structure and contents of the page as follows:
Feel free to drop in comments if there's anything wrong or anything you'd like to see changed. Thanks! |
Summary
Context
This follows up on the workflow execution permissions docs gap after the Kibana fixes landed in elastic/kibana#272702 and elastic/kibana#275051.
Previews
execution.executedByupdated to point to the authorization page.