elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Cloud Security][Bug] Dashboard and Benchmark Pages Missing Unprivileged Prompt #184621

Open CohenIdo opened 1 month ago

CohenIdo commented 1 month ago

Motivation

When accessing Cloud Security pages with a role that lacks the required privileges:

Steps to Reproduce

  1. Create a role that lacks access to cloud security posture indices.
  2. Create a user with the role from the previous step.
  3. Try accessing the dashboard and benchmark pages.

Definition of Done

https://github.com/elastic/kibana/assets/90558359/df549baa-c6fa-424a-a56c-58a43e4173da

Related links

elasticmachine commented 1 month ago

Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security)

willemdh commented 1 month ago

I'm unable to create a role with the correct privileges for CSPM... Only superuser can see the CSPM data since our update to 8.13.4.... Other users can see the raw data in Discover but not the CSPM gui and dashboards.

JordanSh commented 1 month ago

My quick 2 cents

On the dashboard page, nothing appears until one of the tabs (Cloud / Kubernetes) is clicked.

Might happen because we wait to see if we have any data before we navigate to one of the tabs.

On the benchmark page, there is a delay of approximately 5 seconds before an error message is displayed, stating "We couldn't fetch your cloud security posture benchmark data," instead of presenting the insufficient privileges prompt.

I assume that's because useQuery is retrying to fetch the data about 3 times before returning the error. So in this case we probably should just add a loader.
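The retry delay described in the comment above, as an added example that is not part of the thread or of Kibana's code: a simplified, synchronous stand-in for a query client's retry loop, showing how a retry predicate that skips authorization errors surfaces a 403 immediately while still retrying transient failures. `runQuery`, `skipAuthErrors`, `selectView` and the view names are hypothetical, and the retry defaults are modelled on react-query's documented defaults, which may differ from Kibana's configuration.

```javascript
// Added example: simplified, synchronous stand-in for a query client's retry
// loop (assumption: not react-query itself). It sums the backoff delays
// instead of sleeping, so the cost of each policy is visible in the result.
class HttpError extends Error {
  constructor(status) {
    super(`HTTP ${status}`);
    this.status = status;
  }
}

// Defaults modelled on react-query: 3 retries, exponential backoff from 1s.
const defaultDelay = (failures) => Math.min(1000 * 2 ** failures, 30000);

function runQuery(fetchFn, { retry = () => true, maxRetries = 3, retryDelay = defaultDelay } = {}) {
  let waitedMs = 0;
  for (let failures = 0; ; failures++) {
    try {
      return { data: fetchFn(), error: null, attempts: failures + 1, waitedMs };
    } catch (error) {
      if (failures >= maxRetries || !retry(failures, error)) {
        return { data: null, error, attempts: failures + 1, waitedMs };
      }
      waitedMs += retryDelay(failures); // time the user spends on a blank page
    }
  }
}

// Authorization failures are not transient: retrying cannot succeed.
const skipAuthErrors = (_failures, error) => ![401, 403].includes(error.status);

// Hypothetical view selection: map the query result to what the page renders.
function selectView(result) {
  if (result.error && result.error.status === 403) return 'unprivileged-prompt';
  if (result.error) return 'generic-fetch-error';
  return 'benchmarks-table';
}

// Constructed sample backends: one always forbidden, one failing twice with 503.
const forbidden = () => { throw new HttpError(403); };
let flakyCalls = 0;
const flaky = () => { if (++flakyCalls < 3) throw new HttpError(503); return ['sample-benchmark']; };

const before = runQuery(forbidden);                            // 403 retried like any error
const after = runQuery(forbidden, { retry: skipAuthErrors });  // 403 fails fast
const transient = runQuery(flaky, { retry: skipAuthErrors });  // 503 is still retried

for (const r of [before, after, transient]) console.log(r.attempts, r.waitedMs, selectView(r));
```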

CohenIdo commented 1 month ago

> I'm unable to create a role with the correct privileges for CSPM... Only superuser can see the CSPM data since our update to 8.13.4.... Other users can see the raw data in Discover but not the CSPM gui and dashboards

Hey @willemdh, the issue you described has been resolved here and will be available in the new release (8.15.0) and also as a patch release for 8.13 and 8.14.

amkarn258 commented 3 weeks ago

Hi @kfirpeled,

I can see no one is assigned for this issue yet, I'll be happy to work on this, please assign me.

opauloh commented 6 days ago

> Hi @kfirpeled,
>
> I can see no one is assigned for this issue yet, I'll be happy to work on this, please assign me.

Hi @amkarn258, sorry for the long delay in responding, Kfir is on vacation, let me know if you are still interested in taking this issue and I can assign you.

willemdh commented 5 days ago

So is this issue finally fixed in 8.14.2??

opauloh commented 4 days ago

> So is this issue finally fixed in 8.14.2??

The authorization issue is resolved, meaning users with the minimum visualization permission in their roles should access the Cloud Security Posture Dashboard and the Benchmarks page. The fix was also backported to 8.14.2.

> On the dashboard page, nothing appears until one of the tabs (Cloud / Kubernetes) is clicked.

But the UI issue above related to this ticket is still happening, a blank screen is displayed to the users with insufficient permission, when instead it should render the Unprivileged component.