elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Stack Management UI - Users with monitor cluster privileges should be able to view Component Templates and Enrich Policies in Stack Management UI #178654

Open herrBez opened 6 months ago

herrBez commented 6 months ago

Kibana version: 8.12.2

Elasticsearch version: 8.12.2

Server OS version: N/A - Elastic Cloud

Browser version: Chrome 122.0.6261.112

Browser OS version: Windows 11

Original install method (e.g. download page, yum, from source, etc.): Elastic Cloud

Describe the bug: A user with the monitor cluster privilege is allowed to view Index Templates, Component Templates and Enrich policies. However, in the Stack Management UI, the user can view the Index Template but cannot view Component Templates or Enrich Policies, which fail with errors about missing permissions (manage_index_template and manage_enrich_policies, respectively).

Steps to reproduce:

  1. Configure a new role with the monitor cluster privileges and all permissions on Kibana:

    PUT _security/role/stack_management_ui_role
    {
      "cluster": [
        "monitor"
      ],
      "indices": [],
      "applications": [
        {
          "application": "kibana-.kibana",
          "privileges": [
            "all"
          ],
          "resources": [
            "*"
          ]
        }
      ],
      "run_as": [],
      "metadata": {},
      "transient_metadata": {
        "enabled": true
      }
    }

  2. Create a new user assigned to that role:

    PUT _security/user/stack_management_ui_user
    {
      "password": "stack_management_ui_password",
      "roles": ["stack_management_ui_role"]
    }

  3. Log in to Kibana with the newly created user and open Stack Management > Index Management

  4. Verify that index_templates are viewed but component_templates and enrich policies are not

Expected behavior:

A coherent behavior: either users with the monitor cluster privilege should have read access to index_templates, component_templates and enrich policies (preferred by me), or alternatively users with this role are not allowed to view index templates either.

Screenshots (if relevant):


Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

Any additional context:

elasticmachine commented 6 months ago

Pinging @elastic/platform-deployment-management (Team:Deployment Management)

elasticmachine commented 1 week ago

Pinging @elastic/kibana-management (Team:Kibana Management)
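
An added example, not part of the original issue or of Kibana's code: a script that runs step 4 of the reproduction against Elasticsearch directly, so API-level authorization for the role can be compared with what the Stack Management UI shows. The function names and the `ES_URL`, `ES_USER` and `ES_PASS` environment variables are assumptions of this example.

```python
import base64
import os
import urllib.error
import urllib.request

# Read APIs behind the three Stack Management views named in the issue.
ENDPOINTS = {
    "index_templates": "/_index_template",
    "component_templates": "/_component_template",
    "enrich_policies": "/_enrich/policy",
}

def http_status(base_url, user, password, path):
    """GET base_url + path with basic auth and return the HTTP status code."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        base_url + path, headers={"Authorization": f"Basic {token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # urllib raises on 401/403 instead of returning them

def audit_read_access(get_status):
    """Classify each endpoint; get_status(path) -> int is injectable for tests."""
    verdicts = {}
    for name, path in ENDPOINTS.items():
        code = get_status(path)
        if code == 200:
            verdicts[name] = "allowed"
        elif code in (401, 403):
            verdicts[name] = "denied"
        else:
            verdicts[name] = f"unexpected:{code}"
    return verdicts

def is_consistent(verdicts):
    """True when all three resources are allowed, or all three are denied."""
    return set(verdicts.values()) in ({"allowed"}, {"denied"})

if __name__ == "__main__":
    # ES_URL is an assumed variable; credentials default to those in the steps.
    base = os.environ.get("ES_URL", "https://localhost:9200")
    user = os.environ.get("ES_USER", "stack_management_ui_user")
    pw = os.environ.get("ES_PASS", "stack_management_ui_password")
    verdicts = audit_read_access(lambda p: http_status(base, user, pw, p))
    for name, verdict in verdicts.items():
        print(f"{name}: {verdict}")
    print("consistent" if is_consistent(verdicts) else "inconsistent")
```

If the script reports all three as allowed while the UI still blocks two of them, the restriction comes from the UI's own privilege check rather than from Elasticsearch authorization.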