Open
Description
opened on Jul 10, 2023
Users with read-only permissions are presented with error messages when they open any detection engine page.
Steps to Reproduce
- Log in as a user with the `Security: Read` privilege.
- Open any detection engine page, for instance, `/kbn/app/security/rules/management`.
Users are then shown two error toasts. These toasts aren't actionable and offer no clear guidance. The main problem is that users lack the necessary privileges as indicated in the callout (see the screenshot below). To avoid any confusion, we might consider hiding these error notifications when they are directly related to missing privileges.
The complete error message reads:
```
Error fetching fields for data view .alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*,-*elastic-cloud-logs-* (ID: security-solution-default)
Error: [object Object]: security_exception
Root causes:
security_exception: action [indices:data/read/field_caps] is unauthorized for user [test] with effective roles [test], this action is granted by the index privileges [view_index_metadata,manage,read,all]
    at http://localhost:5601/kbn/9007199254740991/bundles/plugin/dataViews/1.0.0/dataViews.plugin.js:3960:13
    at async DataViewsServicePublic.refreshFieldSpecMap (http://localhost:5601/kbn/9007199254740991/bundles/plugin/dataViews/1.0.0/dataViews.plugin.js:1835:13)
    at async DataViewsServicePublic.initFromSavedObjectLoadFields (http://localhost:5601/kbn/9007199254740991/bundles/plugin/dataViews/1.0.0/dataViews.plugin.js:1950:11)
    at async DataViewsServicePublic.initFromSavedObject (http://localhost:5601/kbn/9007199254740991/bundles/plugin/dataViews/1.0.0/dataViews.plugin.js:1982:36)
Request initiator: x-pack/plugins/security_solution/public/common/containers/sourcerer/get_sourcerer_data_view.ts
```
Role config
```
// GET /_security/role/test
{
  test: {
    cluster: [],
    indices: [],
    applications: [
      {
        application: "kibana-.kibana",
        privileges: ["feature_siem.read"],
        resources: ["*"],
      },
    ],
    run_as: [],
    metadata: {},
    transient_metadata: {
      enabled: true,
    },
  },
}
```
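The root-cause line in the error above names the denied action and the index privileges that would grant it, while the role config lists no index privileges at all. The following is an added example, not Kibana code and not part of the original issue: it parses that message, checks a role for any granting index privilege, and flags the toast as a pure privilege gap. The function names, the `suppress` field and the regular expression are assumptions derived from the message text quoted on this page.

```javascript
// Added example, not Kibana code. Parses the Elasticsearch security_exception
// text quoted in this issue and checks a role for the index privileges it names.

// Constructed sample: the root-cause line from the issue.
const SAMPLE_ERROR =
  'security_exception: action [indices:data/read/field_caps] is unauthorized ' +
  'for user [test] with effective roles [test], this action is granted by ' +
  'the index privileges [view_index_metadata,manage,read,all]';

// The role from the issue: a Kibana feature privilege only, no index privileges.
const SAMPLE_ROLE = {
  cluster: [],
  indices: [],
  applications: [
    { application: 'kibana-.kibana', privileges: ['feature_siem.read'], resources: ['*'] },
  ],
};

const PATTERN =
  /action \[([^\]]+)\] is unauthorized for user \[([^\]]+)\] with effective roles \[([^\]]*)\](?:, this action is granted by the (index|cluster) privileges \[([^\]]+)\])?/;

// Returns null when the message is not a missing-privilege error.
function parseAuthzError(message) {
  const m = PATTERN.exec(String(message));
  if (!m) return null;
  const split = (s) => (s ? s.split(',').map((x) => x.trim()).filter(Boolean) : []);
  return { action: m[1], user: m[2], roles: split(m[3]), scope: m[4] || null, grantedBy: split(m[5]) };
}

// Index patterns on which the role holds at least one granting privilege.
// Does not check whether those patterns cover the data view's indices.
function indicesGranting(role, parsed) {
  if (!parsed || parsed.scope !== 'index') return [];
  return (role.indices || [])
    .filter((e) => (e.privileges || []).some((p) => parsed.grantedBy.includes(p)))
    .flatMap((e) => e.names || []);
}

// Hypothetical triage helper: a privilege-gap toast repeats what the callout says.
function classifyToast(message, role) {
  const parsed = parseAuthzError(message);
  if (!parsed) return { kind: 'unexpected', suppress: false };
  return { kind: 'missing_privilege', suppress: true, parsed, covered: indicesGranting(role, parsed) };
}
```

An empty `covered` list, as with the role in this issue, means the role holds no index privilege that could satisfy the request on any index.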