[DOCS] Add notes about security for ML anomaly detection job results (elastic#2204)

droberts195 · lcawl · web-flow · commit 0ec2d5121d62 · 2022-08-10T18:25:04.000+01:00
ML anomaly detection jobs cause certain field values from the
source indices to be copied into the results indices when an
anomaly is detected.

This PR calls out the security implications of that. If an ML
anomaly detection job is being run against sensitive data then
it is important to carefully consider who has access to ML
anomaly detection results.

Co-authored-by: Lisa Cawley &lt;lcawley@elastic.co&gt;
diff --git a/docs/en/stack/ml/setup.asciidoc b/docs/en/stack/ml/setup.asciidoc
@@ -70,6 +70,11 @@ For read-only access:
 * [ ] `read` index privileges on destination indices (for {dfanalytics-jobs}
   only)
 
+IMPORTANT: The `machine_learning_admin` and `machine_learning_user` built-in
+roles give access to the results of _all_ {anomaly-jobs}, irrespective of
+whether the user has access to the source indices. You must carefully consider
+who is given these roles, as {anomaly-job} results may propagate field values
+that contain sensitive information from the source indices to the results.
 
 [discrete]
 [[kib-security]]
@@ -125,6 +130,13 @@ Within a {kib} space, for read-only access to the {ml-features}, you must have:
 * [ ] {data-sources} and `read` index privileges on destination indices (for 
   {dfanalytics-jobs} only)
 
+IMPORTANT: A user who has full or read-only access to {ml-features} within
+a given {kib} space can view the results of _all_ {anomaly-jobs} that are
+visible in that space, even if they do not have access to the source indices
+of those jobs. You must carefully consider who is given access to
+{ml-features}, as {anomaly-job} results may propagate field values that contain sensitive information from the
+source indices to the results.
+
 NOTE: {data-sources-cap} can be automatically created when creating a 
 {dfanalytics-job}.
 
@@ -149,4 +161,4 @@ have:
   destination indices
 
 For more information, see {ref}/security-privileges.html[Security privileges] 
-and {kibana-ref}/kibana-privileges.html[{kib} privileges].
+and {kibana-ref}/kibana-privileges.html[{kib} privileges].
