elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] Error When Assigning an Alert #202051

Open pborgonovi opened 1 day ago

pborgonovi commented 1 day ago

Describe the bug:

When users with maintenance, write, read, and view_index_metadata privileges for the indices .alerts-security.alerts-* and .internal.alerts-security.alerts-* and Read access to Security in Kibana select an alert in the Alerts Table or the Alert Detail Flyout and try to assign the alert to a user, the system shows two messages:

  1. “Successfully updated assignees for 1 alert.”
    • This message indicates the assignment was processed successfully.
  2. “Failed to find users”
    • This message shows an error related to the API call: API [POST /internal/security/user_profile/_bulk_get] is unauthorized for user, this action is granted by the Kibana privileges [bulkGetUserProfiles] (403)

Despite the success message, the assignment does not seem to work properly.

Kibana/Elasticsearch Stack version:

8.17

Server OS version:

Browser and Browser OS versions:

Elastic Endpoint version:

Original install method (e.g. download page, yum, from source, etc.):

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Prerequisites:

Create a new role in Kibana with the following settings:

  1. Index Privileges:
    • Privileges: read, write, maintenance, view_index_metadata
  2. Kibana Privileges:
    • Feature Privileges: Security: Read Access Only

Steps to reproduce:

  1. Create a user and assign it to the custom role
  2. Log in with the new user
  3. Navigate to the Alerts Table or open the Alert Detail Flyout.
  4. Select an alert.
  5. Attempt to assign the alert to a user.
  6. Observe the messages displayed by the system.

Current behavior:

Expected behavior:

Screenshots (if relevant):

https://github.com/user-attachments/assets/3e91db80-ae55-4d11-a359-3f7a30a8f64b

https://github.com/user-attachments/assets/10df938b-737f-4d76-ab5d-4e0b278b416d


Errors in browser console (if relevant):

{
    "statusCode": 403,
    "error": "Forbidden",
    "message": "API [POST /internal/security/user_profile/_bulk_get] is unauthorized for user, this action is granted by the Kibana privileges [bulkGetUserProfiles]"
}

Provide logs and/or server output (if relevant):

Any additional context (logs, chat logs, magical formulas, etc.):

elasticmachine commented 1 day ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 1 day ago

Pinging @elastic/security-detection-engine (Team:Detection Engine)

elasticmachine commented 1 day ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)
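
An added example, not part of the issue or of Kibana's code: when auditing a custom role like the one in this report, the 403 bodies captured from the browser console can be parsed to list which Kibana privileges the role lacks and which routes they block. The regex is derived only from the error message quoted in this issue; the function names, the comma-separated handling of multiple privileges, and every sample body other than the first are assumptions constructed for illustration.

```javascript
// Matches the 403 message shape quoted in this issue (derived from that one sample).
const FORBIDDEN_RE =
  /^API \[(\w+) (\S+)\] is unauthorized for user, this action is granted by the Kibana privileges \[([^\]]*)\]/;

// Parse one response body; returns null for anything that is not this kind of 403.
function parseForbidden(body) {
  if (!body || body.statusCode !== 403 || typeof body.message !== 'string') return null;
  const m = FORBIDDEN_RE.exec(body.message);
  if (!m) return null;
  // Assumption: several privileges, if ever listed, are comma-separated.
  const privileges = m[3].split(',').map((p) => p.trim()).filter(Boolean);
  return { method: m[1], path: m[2], privileges };
}

// Group denied routes by the privilege that would have granted them.
function missingPrivileges(bodies) {
  const byPrivilege = new Map();
  for (const body of bodies) {
    const parsed = parseForbidden(body);
    if (!parsed) continue; // skip successes and unrelated errors
    for (const p of parsed.privileges) {
      if (!byPrivilege.has(p)) byPrivilege.set(p, new Set());
      byPrivilege.get(p).add(`${parsed.method} ${parsed.path}`);
    }
  }
  return Object.fromEntries(
    [...byPrivilege].map(([p, routes]) => [p, [...routes].sort()])
  );
}

// Sample input: the first body is the one quoted in this issue; the rest are constructed.
const sampleBodies = [
  {
    statusCode: 403,
    error: 'Forbidden',
    message:
      'API [POST /internal/security/user_profile/_bulk_get] is unauthorized for user, this action is granted by the Kibana privileges [bulkGetUserProfiles]',
  },
  { statusCode: 200 },                                           // constructed: a successful call
  { statusCode: 403, error: 'Forbidden', message: 'Forbidden' }, // constructed: unrelated 403
  null,                                                          // constructed: empty response
];

console.log(JSON.stringify(missingPrivileges(sampleBodies), null, 2));
```
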