Observability Log Explorer accessible with Kibana dashboard only role #192062
Assignees
Labels
bug
Fixes for quality problems that affect the customer experience
Feature:LogsExplorer
Logs Explorer feature
RBAC
Role Based Access Control
Team:obs-ux-logs
Observability Logs User Experience Team
Comments
tahaderouiche
added
bug
|
Pinging @elastic/obs-ux-logs-team (Team:obs-ux-logs) |
|
Got a couple of questions here:
@gbamparop wdyt? |
With the new stateful nav, this shouldn't be a problem but in case there are no privileges to access Logs Explorer and Discover I think we should default to the remaining pages. Log stream when it's not hidden by the advanced setting that will be introduced by #193320 or otherwise default to the remaining two links (log categories / anomalies). @LucaWintergerst any thoughts? |
|
@gbamparop Thank you. Do we know when will the new nav be available? I saw in the email its targeting 8.16 probably. But the issue here is on 8.15 as well. The other problem is with the links that are across kibana like in Dataset quality pointing to Logs Explorer. Should we keep this the consumers' responsibility to hide/show them? |
|
for other pages we currently throw an error like this. I think this is fine I think we should focus primarily on the bug that was raised by Taha and just fix this for the time being.
|
|
@LucaWintergerst Thank you. Because if we don't do anything about it it will prevent the user from accessing the Screen.Recording.2024-09-26.at.13.57.22.movThe above user has access to |
|
ah, apologies, I see. So let's redirect, and the hierarchy I would go with as Giorgos already suggested:
|
|
@LucaWintergerst Sounds great, thank you :) |
mohamedhamed-ahmed
added a commit
that referenced
this issue
Oct 1, 2024
closes #192062 ## 📝 Summary This PR adds privileges checks for `Logs Explorerer` it checks for `Discover & Fleet` privileges before allowing the user access to `Logs Explorer`. Clicking on the `Logs` tab from the side nav defaults to `Stream`, as long as its not depricated, in case the user doesn't have access to `Logs Explorer` ## 🎥 Demo https://github.com/user-attachments/assets/a4105ec0-7681-40ee-b2fd-e39b9c178dcf
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Oct 1, 2024
closes elastic#192062 ## 📝 Summary This PR adds privileges checks for `Logs Explorerer` it checks for `Discover & Fleet` privileges before allowing the user access to `Logs Explorer`. Clicking on the `Logs` tab from the side nav defaults to `Stream`, as long as its not depricated, in case the user doesn't have access to `Logs Explorer` ## 🎥 Demo https://github.com/user-attachments/assets/a4105ec0-7681-40ee-b2fd-e39b9c178dcf (cherry picked from commit dbfd4f0)
mohamedhamed-ahmed
added a commit
to mohamedhamed-ahmed/kibana
that referenced
this issue
Oct 1, 2024
closes elastic#192062 ## 📝 Summary This PR adds privileges checks for `Logs Explorerer` it checks for `Discover & Fleet` privileges before allowing the user access to `Logs Explorer`. Clicking on the `Logs` tab from the side nav defaults to `Stream`, as long as its not depricated, in case the user doesn't have access to `Logs Explorer` ## 🎥 Demo https://github.com/user-attachments/assets/a4105ec0-7681-40ee-b2fd-e39b9c178dcf (cherry picked from commit dbfd4f0) # Conflicts: # x-pack/plugins/observability_solution/infra/public/apps/logs_app.tsx
mohamedhamed-ahmed
added a commit
that referenced
this issue
Oct 2, 2024
# Backport This will backport the following commits from `main` to `8.15`: - [[Logs Explorer] Fix Privileges Accessibility (#193894)](#193894) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"mohamedhamed-ahmed","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-01T11:38:16Z","message":"[Logs Explorer] Fix Privileges Accessibility (#193894)\n\ncloses https://github.com/elastic/kibana/issues/192062\r\n\r\n## 📝 Summary\r\n\r\nThis PR adds privileges checks for `Logs Explorerer` it checks for\r\n`Discover & Fleet` privileges before allowing the user access to `Logs\r\nExplorer`.\r\nClicking on the `Logs` tab from the side nav defaults to `Stream`, as\r\nlong as its not depricated, in case the user doesn't have access to\r\n`Logs Explorer`\r\n\r\n## 🎥 Demo\r\n\r\n\r\n\r\nhttps://github.com/user-attachments/assets/a4105ec0-7681-40ee-b2fd-e39b9c178dcf","sha":"dbfd4f0879aa89c49b379cc2c6c5feb74f5c16c7","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","ci:project-deploy-observability","Team:obs-ux-logs","Team:obs-ux-infra_services","apm:review","v8.15.0","v8.16.0","backport:version"],"number":193894,"url":"https://github.com/elastic/kibana/pull/193894","mergeCommit":{"message":"[Logs Explorer] Fix Privileges Accessibility (#193894)\n\ncloses https://github.com/elastic/kibana/issues/192062\r\n\r\n## 📝 Summary\r\n\r\nThis PR adds privileges checks for `Logs Explorerer` it checks for\r\n`Discover & Fleet` privileges before allowing the user access to `Logs\r\nExplorer`.\r\nClicking on the `Logs` tab from the side nav defaults to `Stream`, as\r\nlong as its not depricated, in case the user doesn't have access to\r\n`Logs Explorer`\r\n\r\n## 🎥 Demo\r\n\r\n\r\n\r\nhttps://github.com/user-attachments/assets/a4105ec0-7681-40ee-b2fd-e39b9c178dcf","sha":"dbfd4f0879aa89c49b379cc2c6c5feb74f5c16c7"}},"sourceBranch":"main","suggestedTargetBranches":["8.15"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/193894","number":193894,"mergeCommit":{"message":"[Logs Explorer] Fix Privileges Accessibility (#193894)\n\ncloses https://github.com/elastic/kibana/issues/192062\r\n\r\n## 📝 Summary\r\n\r\nThis PR adds privileges checks for `Logs Explorerer` it checks for\r\n`Discover & Fleet` privileges before allowing the user access to `Logs\r\nExplorer`.\r\nClicking on the `Logs` tab from the side nav defaults to `Stream`, as\r\nlong as its not depricated, in case the user doesn't have access to\r\n`Logs Explorer`\r\n\r\n## 🎥 Demo\r\n\r\n\r\n\r\nhttps://github.com/user-attachments/assets/a4105ec0-7681-40ee-b2fd-e39b9c178dcf","sha":"dbfd4f0879aa89c49b379cc2c6c5feb74f5c16c7"}},{"branch":"8.15","label":"v8.15.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.x","label":"v8.16.0","labelRegex":"^v8.16.0$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/194557","number":194557,"state":"MERGED","mergeCommit":{"sha":"ee920811f6c17f6ea264cc5e3527e63cd2c0fd46","message":"[8.x] [Logs Explorer] Fix Privileges Accessibility (#193894) (#194557)\n\n# Backport\n\nThis will backport the following commits from `main` to `8.x`:\n- [[Logs Explorer] Fix Privileges Accessibility\n(#193894)](https://github.com/elastic/kibana/pull/193894)\n\n<!--- Backport version: 9.4.3 -->\n\n### Questions ?\nPlease refer to the [Backport tool\ndocumentation](https://github.com/sqren/backport)\n\n<!--BACKPORT\n[{\"author\":{\"name\":\"mohamedhamed-ahmed\",\"email\":\"[email protected]\"},\"sourceCommit\":{\"committedDate\":\"2024-10-01T11:38:16Z\",\"message\":\"[Logs\nExplorer] Fix Privileges Accessibility (#193894)\\n\\ncloses\nhttps://github.com//issues/192062\\r\\n\\r\\n## 📝\nSummary\\r\\n\\r\\nThis PR adds privileges checks for `Logs Explorerer` it\nchecks for\\r\\n`Discover & Fleet` privileges before allowing the user\naccess to `Logs\\r\\nExplorer`.\\r\\nClicking on the `Logs` tab from the\nside nav defaults to `Stream`, as\\r\\nlong as its not depricated, in case\nthe user doesn't have access to\\r\\n`Logs Explorer`\\r\\n\\r\\n## 🎥\nDemo\\r\\n\\r\\n\\r\\n\\r\\nhttps://github.com/user-attachments/assets/a4105ec0-7681-40ee-b2fd-e39b9c178dcf\",\"sha\":\"dbfd4f0879aa89c49b379cc2c6c5feb74f5c16c7\",\"branchLabelMapping\":{\"^v9.0.0$\":\"main\",\"^v8.16.0$\":\"8.x\",\"^v(\\\\d+).(\\\\d+).\\\\d+$\":\"$1.$2\"}},\"sourcePullRequest\":{\"labels\":[\"release_note:skip\",\"v9.0.0\",\"ci:project-deploy-observability\",\"Team:obs-ux-logs\",\"Team:obs-ux-infra_services\",\"v8.15.0\",\"v8.16.0\",\"backport:version\"],\"title\":\"[Logs\nExplorer] Fix Privileges\nAccessibility\",\"number\":193894,\"url\":\"https://github.com/elastic/kibana/pull/193894\",\"mergeCommit\":{\"message\":\"[Logs\nExplorer] Fix Privileges Accessibility (#193894)\\n\\ncloses\nhttps://github.com//issues/192062\\r\\n\\r\\n## 📝\nSummary\\r\\n\\r\\nThis PR adds privileges checks for `Logs Explorerer` it\nchecks for\\r\\n`Discover & Fleet` privileges before allowing the user\naccess to `Logs\\r\\nExplorer`.\\r\\nClicking on the `Logs` tab from the\nside nav defaults to `Stream`, as\\r\\nlong as its not depricated, in case\nthe user doesn't have access to\\r\\n`Logs Explorer`\\r\\n\\r\\n## 🎥\nDemo\\r\\n\\r\\n\\r\\n\\r\\nhttps://github.com/user-attachments/assets/a4105ec0-7681-40ee-b2fd-e39b9c178dcf\",\"sha\":\"dbfd4f0879aa89c49b379cc2c6c5feb74f5c16c7\"}},\"sourceBranch\":\"main\",\"suggestedTargetBranches\":[\"8.15\",\"8.x\"],\"targetPullRequestStates\":[{\"branch\":\"main\",\"label\":\"v9.0.0\",\"branchLabelMappingKey\":\"^v9.0.0$\",\"isSourceBranch\":true,\"state\":\"MERGED\",\"url\":\"https://github.com/elastic/kibana/pull/193894\",\"number\":193894,\"mergeCommit\":{\"message\":\"[Logs\nExplorer] Fix Privileges Accessibility (#193894)\\n\\ncloses\nhttps://github.com//issues/192062\\r\\n\\r\\n## 📝\nSummary\\r\\n\\r\\nThis PR adds privileges checks for `Logs Explorerer` it\nchecks for\\r\\n`Discover & Fleet` privileges before allowing the user\naccess to `Logs\\r\\nExplorer`.\\r\\nClicking on the `Logs` tab from the\nside nav defaults to `Stream`, as\\r\\nlong as its not depricated, in case\nthe user doesn't have access to\\r\\n`Logs Explorer`\\r\\n\\r\\n## 🎥\nDemo\\r\\n\\r\\n\\r\\n\\r\\nhttps://github.com/user-attachments/assets/a4105ec0-7681-40ee-b2fd-e39b9c178dcf\",\"sha\":\"dbfd4f0879aa89c49b379cc2c6c5feb74f5c16c7\"}},{\"branch\":\"8.15\",\"label\":\"v8.15.0\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"8.x\",\"label\":\"v8.16.0\",\"branchLabelMappingKey\":\"^v8.16.0$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"}]}]\nBACKPORT-->\n\nCo-authored-by: mohamedhamed-ahmed <[email protected]>"}}]}] BACKPORT-->
|
Fix implemented and backported to 8.15 |
mohamedhamed-ahmed
added a commit
to mohamedhamed-ahmed/kibana
that referenced
this issue
Oct 30, 2024
closes elastic#192062 This PR adds privileges checks for `Logs Explorerer` it checks for `Discover & Fleet` privileges before allowing the user access to `Logs Explorer`. Clicking on the `Logs` tab from the side nav defaults to `Stream`, as long as its not depricated, in case the user doesn't have access to `Logs Explorer` https://github.com/user-attachments/assets/a4105ec0-7681-40ee-b2fd-e39b9c178dcf (cherry picked from commit dbfd4f0)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Kibana version: 8.15
Elasticsearch version: 8.15
Describe the bug: Observability Log Explorer application is accessible with Dashboard only role.
Steps to reproduce:
logs-*.Log Explorerin Kibana Global Search bar.logs-*indices.Expected behavior:
Viewing data in Logs Explorer should require Kibana read privileges for
DiscoverandIntegrations.Screenshots (if relevant):
The text was updated successfully, but these errors were encountered: