Skip to content

Document workflow execution permissions#7137

Open
talboren wants to merge 9 commits into
elastic:mainfrom
talboren:workflows-execution-permissions-docs
Open

Document workflow execution permissions#7137
talboren wants to merge 9 commits into
elastic:mainfrom
talboren:workflows-execution-permissions-docs

Conversation

@talboren

@talboren talboren commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Adds a dedicated workflow execution permissions page.
  • Documents which user context is used for manual, scheduled, rule-triggered, and event-driven workflow runs.
  • Adds links from trigger and context reference docs so the permissions model is easier to discover.

Context

This follows up on the workflow execution permissions docs gap after the Kibana fixes landed in elastic/kibana#272702 and elastic/kibana#275051.

Previews

  • Workflow authorization - New page. Verify tables, admonitions, and all cross-links render correctly.
  • Workflow concepts - Updated link text and description for the authorization entry.
  • Manual triggers - New sentence added linking to the authorization page.
  • Scheduled triggers - "permissions" replaced with "privileges"; link updated to authorization page.
  • Alert triggers - "permissions" replaced with "privileges"; link updated to authorization page.
  • Event-driven triggers - Related section link updated to authorization page.
  • Context variables - Cross-reference for execution.executedBy updated to point to the authorization page.

Clarify which user context workflows run with and how scheduled workflow execution credentials are refreshed after edits.

Co-authored-by: Cursor <cursoragent@cursor.com>
@github-actions

Copy link
Copy Markdown
Contributor

Elastic Docs AI PR menu

Check the box to run an AI review for this pull request.

  • Review docs changes (docs-review). Status: not started.

Powered by GitHub Agentic Workflows and docs-actions. For more information, reach out to the docs team.

@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Elastic Docs Style Checker (Vale)

Summary: 1 warning found

⚠️ Warnings (1): Fix when the suggestion improves clarity or correctness.
File Line Rule Message
explore-analyze/workflows/authorization.md 44 Elastic.Spelling 'auditability' is a possible misspelling.

The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale.

talboren and others added 3 commits June 29, 2026 14:06
Avoid implying workflow execution permissions control connector usage.

Co-authored-by: Cursor <cursoragent@cursor.com>
Document the user context used by manual, scheduled, rule-triggered, and event-triggered workflow runs.

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
@talboren talboren marked this pull request as ready for review June 30, 2026 07:28
@talboren talboren requested review from a team as code owners June 30, 2026 07:28

@florent-leborgne florent-leborgne left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very useful content thanks for drafting it! My main comment would be about making this a page rather than a section on the concepts home page. WDYT?

Comment thread explore-analyze/workflows/concepts.md Outdated
Comment thread explore-analyze/workflows/concepts.md Outdated
Comment thread explore-analyze/workflows/concepts.md Outdated
Comment thread explore-analyze/workflows/concepts.md Outdated
Comment thread explore-analyze/workflows/concepts.md Outdated
Comment thread explore-analyze/workflows/concepts.md Outdated
Comment thread explore-analyze/workflows/concepts.md
Comment thread explore-analyze/workflows/concepts.md
Comment thread explore-analyze/workflows/concepts.md Outdated
@nastasha-solomon

Copy link
Copy Markdown
Member

Hey, @talboren 👋🏼 Thanks again for writing this up. I agree with all of Florent's feedback, including his recommendation to move this section to a dedicated page. In its current location, it's a bit obscured and doesn't quite fit the purpose of the "Workflow concepts" page which is to explain the basic units of workflows and direct users towards more details on them.

The new page could cover what you've added in this PR and delve a bit deeper into the authorization model, for example, what the API key controls access to (Kibana and Elasticsearch resources), whether the key differs by deployment type (Stack vs Serverless), and how API keys are handled in certain scenarios (when someone leaves or changes their role's priv scope).

If you're on board with this, I'm happy to pull this PR down and contribute. I'd just need to clarify a few details before doing so.

Add a dedicated workflow execution permissions page and link to it from trigger and context reference docs.

Co-authored-by: Cursor <cursoragent@cursor.com>
Name the stored API key behavior and tighten execution permissions cross-links.

Co-authored-by: Cursor <cursoragent@cursor.com>
@nastasha-solomon

Copy link
Copy Markdown
Member

Hey, @talboren 👋🏼 I incorporated the notes from our meeting and updated the structure and contents of the page as follows:

  • Minor rewrite and expanded page content - The rewrite consolidated everything into a single dedicated page, expanded coverage to all five trigger types, and added sections on API key scope, troubleshooting, and how Kibana records execution identity.
  • Applied terminology rules throughout - Replaced "permissions" with "privileges" to make the terminology consistent with the API keys reference docs.
  • Improved for scalability - Added tables to make details easier to scan and reference.

Feel free to drop in comments if there's anything wrong or anything you'd like to see changed. Thanks!

@nastasha-solomon nastasha-solomon added the Team:SKI Issues owned by the SKI Docs Team label Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Team:SKI Issues owned by the SKI Docs Team

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants