Closed amolnater-qasource closed 2 months ago
Pinging @elastic/fleet (Team:Fleet)
@manishgupta-qasource Please review.
Secondary Review for this ticket is Done
Looks like the permission required to delete a file upload are misconfigured https://github.com/elastic/kibana/blob/main/x-pack/plugins/fleet/server/routes/agent/index.ts#L341 it should probably only be accessible to someone with allAgents
Hi Team,
We have revalidated this issue on latest 8.15.0 SNAPSHOT kibana cloud environment and found it fixed now.
Observations:
Screen Recording:
https://github.com/user-attachments/assets/bef8a6a0-4d73-4475-b075-9ac1c4d2d91a
Build details: VERSION: 8.15.0 SNAPSHOT BUILD: 76205 COMMIT: 19bcc82a5c628fdbbca343bb078a7f020417b2d2
Hence, we are marking this issue as QA:Validated.
Thanks!
Kibana Build details:
Role:
Preconditions:
Steps to reproduce:
Expected Result: User with role Fleet and Sub modules: Read should not be able to delete collected agent diagnostics
Screen Recording:
https://github.com/elastic/kibana/assets/77374876/44288a75-e5bb-4366-8b00-5ac25ec4594f
Feature: https://github.com/elastic/ingest-dev/issues/2903