[RAC][Observability] Unable to load alerts in Observability alerts table if custom feature privileges are set #107142

Closed
mgiota opened this issue Jul 29, 2021 · 9 comments
Labels
Feature:Observability RAC Team:Infra Monitoring UI - DEPRECATED DEPRECATED - Label for the Infra Monitoring UI team. Use Team:obs-ux-infra_services Theme: rac label obsolete


@mgiota
Contributor

mgiota commented Jul 29, 2021

📝 Summary

If a user has no Kibana privileges to view an Observability app, when he goes to the Observability > Alerts table to see the alerts of the rest of the Observability apps he has access to, he gets an error and sees no alerts at all.

Steps to reproduce

  1. Make sure to create some rule types for different Observability apps, Logs and Metrics in the example below.

  2. Create a custom role and set None to one of the Observability Apps, Metrics in the example below. Create a new user and assign him the new role.

  3. Login with the new user and go to Observability alerts. Observability table is empty and an error is shown: "Failed to run search on timeline events"

✔️ Acceptance criteria

No privilege for Metrics app, privilege to access Logs app

  • Given user has no privilege to see the Metrics app
  • And he has the privilege to see the Logs app
  • When he has enabled a Log threshold rule type
  • And goes to the Observability Alerts table
  • Then he should be able to see the log threshold alerts
  • And no metric alerts
@elasticmachine
Contributor

Pinging @elastic/logs-metrics-ui (Team:logs-metrics-ui)

@weltenwort
Member

@yctercero @dhurley14 could you help us figure out what might be the problem here?

@dhurley14
Contributor

@mgiota @weltenwort Definitely. Can you export and post the JSON representation of the role for the user? It will be easier to determine exactly which privileges are missing if we see the full role.

@mgiota
Contributor Author

mgiota commented Jul 30, 2021

@dhurley14 Sure here's the json response I got from that request URL http://localhost:5631/ncl/api/security/role/test_role

{
   "name":"test_role",
   "metadata":{
      
   },
   "transient_metadata":{
      "enabled":true
   },
   "elasticsearch":{
      "cluster":[
         "all"
      ],
      "indices":[
         
      ],
      "run_as":[
         "test",
         "kibana_system_user"
      ]
   },
   "kibana":[
      {
         "base":[
            
         ],
         "feature":{
            "discover":[
               "read"
            ],
            "dashboard":[
               "read"
            ],
            "canvas":[
               "read"
            ],
            "maps":[
               "read"
            ],
            "ml":[
               "read"
            ],
            "graph":[
               "read"
            ],
            "visualize":[
               "read"
            ],
            "apm":[
               "all"
            ],
            "uptime":[
               "all"
            ],
            "siem":[
               "read"
            ],
            "observabilityCases":[
               "read"
            ],
            "dev_tools":[
               "read"
            ],
            "advancedSettings":[
               "read"
            ],
            "indexPatterns":[
               "read"
            ],
            "savedObjectsManagement":[
               "read"
            ],
            "savedObjectsTagging":[
               "read"
            ],
            "fleet":[
               "read"
            ],
            "actions":[
               "read"
            ],
            "stackAlerts":[
               "read"
            ],
            "logs":[
               "all"
            ]
         },
         "spaces":[
            "default"
         ]
      }
   ],
   "_transform_error":[
      
   ],
   "_unrecognized_applications":[
      
   ]
}

Let me know if that's all you need or if you need anything else I am not aware of.
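
A small check for a role export like the one posted above, added here as an example and not part of the original thread or of Kibana's code: it works out which Observability features a role can see in a given space. The feature ID `infrastructure` for the Metrics app and the helper names are assumptions; the sample is a reduced copy of the posted role.

```python
import json

# Assumption: feature IDs of the Observability apps. "apm", "logs" and "uptime"
# appear in the posted role; "infrastructure" is assumed to be the Metrics app.
OBSERVABILITY_FEATURES = ("apm", "infrastructure", "logs", "uptime")
LEVEL = {"none": 0, "read": 1, "all": 2}


def effective_privileges(role, space="default"):
    """Map each Observability feature to 'none', 'read' or 'all' in one space."""
    result = {feature: "none" for feature in OBSERVABILITY_FEATURES}
    for entry in role.get("kibana", []):
        spaces = entry.get("spaces", [])
        if space not in spaces and "*" not in spaces:
            continue  # this privilege entry does not cover the space
        for feature in OBSERVABILITY_FEATURES:
            # A base privilege covers every feature; feature privileges are per app.
            granted = entry.get("base", []) + entry.get("feature", {}).get(feature, [])
            for privilege in granted:
                # Levels other than read/all (sub-feature privileges) are ignored here.
                if LEVEL.get(privilege, 0) > LEVEL[result[feature]]:
                    result[feature] = privilege
    return result


def features_without_access(role, space="default"):
    """Observability features the role cannot see at all in the given space."""
    privileges = effective_privileges(role, space)
    return sorted(f for f, level in privileges.items() if level == "none")


# Constructed sample: the posted test_role reduced to the fields read above.
SAMPLE_ROLE = json.loads("""
{"name": "test_role",
 "kibana": [{"base": [],
             "feature": {"apm": ["all"], "uptime": ["all"], "logs": ["all"],
                         "stackAlerts": ["read"]},
             "spaces": ["default"]}]}
""")

if __name__ == "__main__":
    for feature, level in effective_privileges(SAMPLE_ROLE).items():
        print(f"{feature:15} {level}")
    print("no access:", features_without_access(SAMPLE_ROLE))
```
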

@weltenwort
Member

Is it possible that the RBAC part for the Alerts table is simply missing until #107242? Or is this unrelated?

@yctercero
Contributor

Yes, #107242 needs to go in. We were doing the back and front end separate and had hoped to have this in last week. @weltenwort I saw you still have some blockers up but I think you got a chance to chat with @XavierM about it. Are they still blockers?

@mgiota
Contributor Author

mgiota commented Aug 9, 2021

I tested again after merge of #107242:

  • I don't get the Failed to run search on timeline events error I was getting before, which looks good
  • but I don't see any alerts in the Observability > Alerts table anymore.
  • I don't see any alerts with a kibana_system_user as well.


Could it be that the above PR is responsible for Alerts not being shown anymore?

@weltenwort
Member

@mgiota Did you create the alerts via the respective solution UI or the central rule management? The alerts from the latter don't show up yet as has been discussed last week. I'll follow up on how we'll fix that soon.

@mgiota
Contributor Author

mgiota commented Aug 10, 2021

@weltenwort These alerts were created via the respective solution UI. The issue was a custom xpack.ruleRegistry.index I was using. I removed that and I confirm that alerts appear in my table as expected.


@mgiota mgiota closed this as completed Aug 10, 2021