Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Management] Stack Management link shows when user has insufficient permissions #163180

Open
alisonelizabeth opened this issue Aug 4, 2023 · 5 comments
Labels
bug Fixes for quality problems that affect the customer experience Team:Kibana Management Dev Tools, Index Management, Upgrade Assistant, ILM, Ingest Node Pipelines, and more

Comments

@alisonelizabeth
Copy link
Contributor

alisonelizabeth commented Aug 4, 2023

Kibana version:
8.9.0

Describe the bug:
The "Stack Management" link shows on the home page when the user does not have sufficient privileges to view the UIs under Stack Management.

Steps to reproduce:

  1. Set up a new Kibana space
  2. Create a new role
  3. Add the Kibana Dev Tools read privilege to the role
  4. Create a new user
  5. Assign role to thew user
  6. Login with user

Expected behavior:
Only the Dev Tools tile/links should show.

Screenshots (if relevant):
Screenshot 2023-08-04 at 11 04 57 AM

URL/error message when clicking from the home page
Screenshot 2023-08-04 at 11 05 50 AM

I would actually expect the link to go here (or not show at all)
Screenshot 2023-08-04 at 11 05 41 AM

Any additional context:
Looks like this logic was originally added via #108580.

After a quick investigation, it looks like iapplication.capabilities.navLinks.management returns true, which is unexpected. However, if you log application.capabilities.mangement, all plugins are marked as false (disabled).

Another interesting piece, is the actual link is wrong from the home page. If I go to the correct management link, I see the expected error message.

@alisonelizabeth alisonelizabeth added bug Fixes for quality problems that affect the customer experience Team:Kibana Management Dev Tools, Index Management, Upgrade Assistant, ILM, Ingest Node Pipelines, and more labels Aug 4, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/platform-deployment-management (Team:Deployment Management)

@cleydyr
Copy link
Member

cleydyr commented Aug 4, 2023

The logic behind allowing the Management item is that it's enabled if at least one of its subitems is enabled. In this case, DevTools is enabled. That's why I couldn't figure out if the problem is the link that doesn't open or if enabling it if at least one item is enabled is the correct logic.

@alisonelizabeth
Copy link
Contributor Author

That's why I couldn't figure out if the problem is the link that doesn't open or if enabling it if at least one item is enabled is the correct logic.

I think we need to investigate this further. While Dev Tools is under "Management", it isn't under Stack Management, so I wouldn't expect us to render the link. The other behavior I noticed is that the link in itself is wrong - it's /s/dev_tools/app/mangement when I would expect it to go to /app/management (possibly a non-issue if we're able to hide it).

@cleydyr
Copy link
Member

cleydyr commented Aug 7, 2023

Please notice that the behavior is the same on the left sidebar: if you have at least one item under Management (like Dev Tools), the Management item itself is clickable and will take you to the Stack Management home page. The Stack Management subitem doesn't have to appear under the Management item either.

@alisonelizabeth alisonelizabeth removed the Team:Kibana Management Dev Tools, Index Management, Upgrade Assistant, ILM, Ingest Node Pipelines, and more label Sep 17, 2024
@botelastic botelastic bot added the needs-team Issues missing a team label label Sep 17, 2024
@alisonelizabeth alisonelizabeth added the Team:Kibana Management Dev Tools, Index Management, Upgrade Assistant, ILM, Ingest Node Pipelines, and more label Sep 17, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-management (Team:Kibana Management)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Sep 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Fixes for quality problems that affect the customer experience Team:Kibana Management Dev Tools, Index Management, Upgrade Assistant, ILM, Ingest Node Pipelines, and more
Projects
None yet
Development

No branches or pull requests

3 participants