elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Fleet]: Able to delete collected agent diagnostics with user role Fleet and Sub modules: Read. #187535

Closed amolnater-qasource closed 2 months ago

amolnater-qasource commented 3 months ago

Kibana Build details:

VERSION: 8.15.0 SNAPSHOT
BUILD: 75903
COMMIT: 8bf9aa56b47e404120f1d176fea3c3989f051ef7

Role:

Integrations: Read
Fleet: Read
Agents: Read
Agent policies: Read
Settings: Read

Preconditions:

  1. An 8.15.0-SNAPSHOT Kibana cloud environment should be available.
  2. A new user should be created with the above-defined role.

Steps to reproduce:

  1. Log in with the above user.
  2. Navigate to the Fleet>Agents>Diagnostics tab.
  3. Collect diagnostics for the agent and wait for the completion. [EXPECTED]
  4. Click the delete icon and observe that the user is able to delete the collected diagnostics.

Expected Result: User with role Fleet and Sub modules: Read should not be able to delete collected agent diagnostics.

Screen Recording:

https://github.com/elastic/kibana/assets/77374876/44288a75-e5bb-4366-8b00-5ac25ec4594f

Feature: https://github.com/elastic/ingest-dev/issues/2903

elasticmachine commented 3 months ago

Pinging @elastic/fleet (Team:Fleet)

amolnater-qasource commented 3 months ago

@manishgupta-qasource Please review.

manishgupta-qasource commented 3 months ago

Secondary Review for this ticket is Done

nchaulet commented 3 months ago

Looks like the permissions required to delete a file upload are misconfigured (https://github.com/elastic/kibana/blob/main/x-pack/plugins/fleet/server/routes/agent/index.ts#L341); it should probably only be accessible to someone with allAgents.

amolnater-qasource commented 2 months ago

Hi Team,

We have revalidated this issue on the latest 8.15.0 SNAPSHOT Kibana cloud environment and found it fixed now.

Observations:

Screen Recording:

https://github.com/user-attachments/assets/bef8a6a0-4d73-4475-b075-9ac1c4d2d91a

Build details:

VERSION: 8.15.0 SNAPSHOT
BUILD: 76205
COMMIT: 19bcc82a5c628fdbbca343bb078a7f020417b2d2

Hence, we are marking this issue as QA:Validated.

Thanks!
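
The class of misconfiguration diagnosed in this thread (a delete route gated only by a read-level privilege) can be caught by auditing the route table and checking the server-side decision for a read-only user. This is an added example, not code from the thread or from Kibana/Fleet: the route paths, the `readAgents` name and every function name are hypothetical, and only `allAgents` appears in the discussion above.

```typescript
// Added example. All identifiers are hypothetical except `allAgents` (named in the thread).
type Privilege = "readAgents" | "allAgents";
type Method = "GET" | "POST" | "DELETE";
interface Route { method: Method; path: string; requires: Privilege }

// Constructed route table; paths are placeholders, not Kibana's real routes.
const ROUTES: Route[] = [
  { method: "GET", path: "/example/agents/{agentId}/uploads", requires: "readAgents" },
  // Step 3 of the report marks collecting diagnostics as expected for a Read user.
  { method: "POST", path: "/example/agents/{agentId}/request_diagnostics", requires: "readAgents" },
  // The reported defect: a destructive route gated only by the read privilege.
  { method: "DELETE", path: "/example/agents/files/{fileId}", requires: "readAgents" },
];

// "all" implies "read"; "read" never implies "all".
function satisfies(granted: Privilege[], required: Privilege): boolean {
  if (granted.indexOf("allAgents") !== -1) return true;
  return required === "readAgents" && granted.indexOf("readAgents") !== -1;
}

// Server-side decision for one request; an unknown route is denied (fail closed).
function isAllowed(routes: Route[], method: Method, path: string, granted: Privilege[]): boolean {
  return routes.some(
    (r) => r.method === method && r.path === path && satisfies(granted, r.requires)
  );
}

// Audit: state-changing routes reachable with read-only privilege,
// minus exceptions that were explicitly reviewed ("METHOD path" keys).
function auditRoutes(routes: Route[], reviewedExceptions: string[] = []): Route[] {
  return routes.filter(
    (r) =>
      r.method !== "GET" &&
      r.requires === "readAgents" &&
      reviewedExceptions.indexOf(r.method + " " + r.path) === -1
  );
}

// Corrected table: every audit finding is raised to the write-level privilege.
function harden(routes: Route[], reviewedExceptions: string[] = []): Route[] {
  const findings = auditRoutes(routes, reviewedExceptions);
  return routes.map((r): Route =>
    findings.indexOf(r) !== -1 ? { ...r, requires: "allAgents" } : r
  );
}
```

Hiding the delete icon in the UI alone would not change any of these results; the decision is made per route on the server, which is why the audit works on the route table.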