Skip to content

[Security Solution] Hide error toasts for users with read-only permissions #161544

New issue
New issue
Open
Open
[Security Solution] Hide error toasts for users with read-only permissions#161544

Description

@xcrzx

xcrzx
openedon Jul 10, 2023

Users with read-only permissions are presented with error messages when they open any detection engine page.

Steps to Reproduce

  1. Log in as a user with the Security: Read privilege.
  2. Open any detection engine page, for instance, /kbn/app/security/rules/management.

Users are then shown two error toasts. These toasts aren't actionable and offer no clear guidance. The main problem is that users lack the necessary privileges as indicated in the callout (see the screenshot below). To avoid any confusion, we might consider hiding these error notifications when they are directly related to missing privileges.

image

The complete error message reads:

Error fetching fields for data view .alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*,-*elastic-cloud-logs-* (ID: security-solution-default)

Error: [object Object]: security_exception
	Root causes:
		security_exception: action [indices:data/read/field_caps] is unauthorized for user [test] with effective roles [test], this action is granted by the index privileges [view_index_metadata,manage,read,all]
    at http://localhost:5601/kbn/9007199254740991/bundles/plugin/dataViews/1.0.0/dataViews.plugin.js:3960:13
    at async DataViewsServicePublic.refreshFieldSpecMap (http://localhost:5601/kbn/9007199254740991/bundles/plugin/dataViews/1.0.0/dataViews.plugin.js:1835:13)
    at async DataViewsServicePublic.initFromSavedObjectLoadFields (http://localhost:5601/kbn/9007199254740991/bundles/plugin/dataViews/1.0.0/dataViews.plugin.js:1950:11)
    at async DataViewsServicePublic.initFromSavedObject (http://localhost:5601/kbn/9007199254740991/bundles/plugin/dataViews/1.0.0/dataViews.plugin.js:1982:36)

Request initiator: x-pack/plugins/security_solution/public/common/containers/sourcerer/get_sourcerer_data_view.ts

Role config

// GET /_security/role/test
{
  test: {
    cluster: [],
    indices: [],
    applications: [
      {
        application: "kibana-.kibana",
        privileges: ["feature_siem.read"],
        resources: ["*"],
      },
    ],
    run_as: [],
    metadata: {},
    transient_metadata: {
      enabled: true,
    },
  },
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    8.11 candidateTeam: SecuritySolutionSecurity Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.Team:Detection EngineSecurity Solution Detection Engine AreaTeam:Detections and RespSecurity Detection Response TeamUXenhancementNew value added to drive a business result

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions