search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.81k stars 8.2k forks source link

Searchbox shows “Security” when it’s disabled from spaces #131383

Open sscarduzio opened 2 years ago

sscarduzio commented 2 years ago

Kibana version: 8.1.3

Elasticsearch version: 8.1.3

Server OS version: Ubuntu 20.04

Browser version: Google Chrome (latest)

Browser OS version: MacOS (latest)

Original install method: apt-get

Describe the bug: this is a bug I discovered in Spaces with Security feature only. Could not reproduce it with other features.

Steps to reproduce

  1. Disabling security from current space:

  2. Searching and clicking Security from global search box

  1. An error is shown in the browser:

Expected behavior: No reference to security feature should be shown in the global search box when it's disabled from Spaces.

elasticmachine commented 2 years ago

Pinging @elastic/security-solution (Team: SecuritySolution)

yctercero commented 2 years ago

@MadameSheema @peluja1012

If you're ok with this, I'm putting it down as an 8.4 bug to fix. It's not great UX, but nothing is leaked, the user in this scenario still does not have access to Security.

elasticmachine commented 2 years ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

pborgonovi commented 2 months ago

Validated 8.15 BC and it's still present:

https://github.com/user-attachments/assets/a8952843-6f03-49e0-929c-6419b68be2fc

Screenshot 2024-07-23 at 2 14 45 PM 
Error: [object Object]: security_exception
    Root causes:
        security_exception: action [indices:data/read/field_caps] is unauthorized for user [paula] with effective roles [custom_role], this action is granted by the index privileges [view_index_metadata,manage,read,all]
    at https://paula-8-15-3.kb.us-west2.gcp.elastic-cloud.com:9243/674b3abcdff6/bundles/plugin/dataViews/1.0.0/dataViews.plugin.js:1:55614
    at async data_views_service_public_DataViewsServicePublic.refreshFieldSpecMap (https://paula-8-15-3.kb.us-west2.gcp.elastic-cloud.com:9243/674b3abcdff6/bundles/plugin/dataViews/1.0.0/dataViews.plugin.js:1:42078)
    at async data_views_service_public_DataViewsServicePublic.initFromSavedObjectLoadFields (https://paula-8-15-3.kb.us-west2.gcp.elastic-cloud.com:9243/674b3abcdff6/bundles/plugin/dataViews/1.0.0/dataViews.plugin.js:1:43587)
    at async data_views_service_public_DataViewsServicePublic.initFromSavedObject (https://paula-8-15-3.kb.us-west2.gcp.elastic-cloud.com:9243/674b3abcdff6/bundles/plugin/dataViews/1.0.0/dataViews.plugin.js:1:44121)