kibana-privilege-deprecation
Installation
SKILL.md
Kibana Privilege Deprecation
Guides implementing and reviewing backward-compatible Kibana feature privilege deprecations using the deprecated privilege mapping framework.
When to Use
- Renaming a feature (e.g.
alpha->beta) - Splitting a feature into multiple features
- Consolidating multiple features into one
- Moving capabilities between feature/sub-feature privileges
- Reviewing PRs that deprecate features or change privilege mappings
Key Concepts
- Deprecated feature: A feature marked with
deprecatedproperty that is frozen for backward compatibility. Not shown in role management UI; privileges still registered in Elasticsearch. replacedBymapping: Links each deprecated privilege to equivalent non-deprecated privilege(s). Required on every privilege of a deprecated feature.- Lazy migration: Roles are not auto-migrated. Deprecated privileges are replaced with current ones when an admin saves via UI.
kibana_systemcannot alter roles - this is a security constraint driving the entire design.