user.group should not be a keyword field, but a place where we can nest the group field set
#304
Comments
8 tasks
|
Seems perfectly reasonable to make group a reusable object so it can be nested under user.* |
|
I like the suggestion. The problem I see is that we can't really make this change now expect we treat it as a bug. |
This was referenced Jan 23, 2019
webmat
added a commit
to elastic/beats
that referenced
this issue
Jan 24, 2019
This change enables us to nest the `group` field set at `user.group`, rather than being limited to only group name. Imports the changes from ECS elastic/ecs#308, which solves elastic/ecs#304.
DStape
pushed a commit
to DStape/beats
that referenced
this issue
Aug 20, 2019
This change enables us to nest the `group` field set at `user.group`, rather than being limited to only group name. Imports the changes from ECS elastic/ecs#308, which solves elastic/ecs#304.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current definition of the field
user.groupis problematic, in that it's a place to put a textual group name. This doesn't leave room for other bits of metadata related to a group (the most obvious one being group.id).The
user.groupfield actually goes against our principle of not reusing the name of a field set (group) as a field with a different meaning (user.groupbeing a string, rather than the nested field set).This issue came up while working on the right way to represent the various users/groups that went into determining effective rights: elastic/beats#10192, elastic/beats#9963 and elastic/beats#10111.
I would like to suggest we make this change for ECS 1.0.0 GA.
Discuss ;-)
cc @ruflin @MikePaquette @cwurm @andrewkroh
The text was updated successfully, but these errors were encountered: