Skip to content

Add readonly view to role management#143893

Merged
thomheymann merged 3 commits intoelastic:mainfrom
thomheymann:read-only-role-management
Oct 30, 2022
Merged

Add readonly view to role management#143893
thomheymann merged 3 commits intoelastic:mainfrom
thomheymann:read-only-role-management

Conversation

@thomheymann
Copy link
Contributor

@thomheymann thomheymann commented Oct 24, 2022
edited
Loading

Resolves #141801

Summary

Hides CTAs and disables input fields on role management screens in readonly mode.

Screenshot

Screenshot 2022-10-24 at 20 29 29

Testing

  1. Create a user with viewer role, kibana_admin role and read_security privileges
  2. Login as that user and navigate to Stack Management > Roles

@thomheymann thomheymann added Team:Security Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t// release_note:skip Skip the PR/issue when compiling release notes backport:skip This PR does not require backporting v8.6.0 labels Oct 24, 2022
@thomheymann thomheymann marked this pull request as ready for review October 25, 2022 08:00
@thomheymann thomheymann requested a review from a team as a code owner October 25, 2022 08:00
@elasticmachine
Copy link
Contributor

elasticmachine commented Oct 25, 2022

Pinging @elastic/kibana-security (Team:Security)

@legrego legrego requested a review from jeramysoucy October 25, 2022 16:59
@jeramysoucy
Copy link
Contributor

jeramysoucy commented Oct 26, 2022
edited
Loading

@thomheymann The only way I have found to give users access to view the Kibana privileges section of the role screen is to grant a blanket of 'All' Kibana privileges to the user. If I manually enable all Kibana privileges, one-by-one, the user still cannot access a read-only view of Kibana privileges in the role screen.

@legrego Thom tracked the logic to the uiCapabilities.spaces.manage property, which appears to come from application.capabilities.spaces.manage. We thought you may have some insight into how this is getting set.

@jeramysoucy
Copy link
Contributor

jeramysoucy commented Oct 27, 2022
edited
Loading

@thomheymann The only way I have found to give users access to view the Kibana privileges section of the role screen is to grant a blanket of 'All' Kibana privileges to the user. If I manually enable all Kibana privileges, one-by-one, the user still cannot access a read-only view of Kibana privileges in the role screen.

@legrego Thom tracked the logic to the uiCapabilities.spaces.manage property, which appears to come from application.capabilities.spaces.manage. We thought you may have some insight into how this is getting set.

Ok. Looks like this is exactly expected. There's an open issue to make this an explicit privilege in the future. Thanks @legrego!

jeramysoucy
jeramysoucy approved these changes Oct 27, 2022
View reviewed changes
Copy link
Contributor

@jeramysoucy jeramysoucy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Clean implementation and seems to leverage existing patterns/utilities/naming conventions.

@kibana-ci
Copy link

kibana-ci commented Oct 30, 2022

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
security 537.8KB 538.3KB +505.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
security 57.4KB 57.7KB +316.0B
Unknown metric groups

ESLint disabled in files

id before after diff
osquery 1 2 +1

ESLint disabled line counts

id before after diff
enterpriseSearch 19 21 +2
fleet 57 63 +6
osquery 103 108 +5
security 23 24 +1
securitySolution 439 443 +4
total +18

Total ESLint disabled count

id before after diff
enterpriseSearch 20 22 +2
fleet 65 71 +6
osquery 104 110 +6
security 25 26 +1
securitySolution 516 520 +4
total +19

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@thomheymann thomheymann merged commit 8833fe7 into elastic:main Oct 30, 2022
jloleysens added a commit to jloleysens/kibana that referenced this pull request Oct 31, 2022
@jloleysens
Merge branch 'main' into files-move-to-src
866c302 
* main: (41 commits)
  [api-docs] Daily api_docs build (elastic#144212)
  Add readonly view to role management (elastic#143893)
  [api-docs] Daily api_docs build (elastic#144208)
  [APM] Adds button group to navigate to "All services" (elastic#142911)
  Update react-query to ^4.12.0 (main) (elastic#139986)
  [APM] Support specific fields when creating service groups (elastic#142201) (elastic#143881)
  [api-docs] Daily api_docs build (elastic#144203)
  [ts] add stub index.d.ts in @kbn/ui-shared-deps-npm
  [Synthetics] Fix failing Synthetics Integration test (elastic#144175)
  chore(NA): remove @types/pkg link creation when generating a new package (elastic#144200)
  [Osquery] Update schema to v5.5.1 (elastic#144090)
  [ci] remove github-checks-reporter (elastic#144193)
  [8.6][ML Inference] Verify pipeline usage before deletion (elastic#144053)
  [ts] ts refs cache was removed, remove capture task
  Added Rollups CCS Test (elastic#144074)
  [auto] migrate existing plugin/package configs
  [ts] stop building @types packages in bootstrap
  skip failing test suite (elastic#142762)
  skip failing test suite (elastic#144186)
  [Fleet] Show Add Fleet Server instead of add agent when adding agent from agent policy (elastic#144105)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeramysoucy jeramysoucy jeramysoucy approved these changes

Assignees

No one assigned

Labels

backport:skip This PR does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Security Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t// v8.6.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Introduce read-only view for Role Management

4 participants

@thomheymann @elasticmachine @jeramysoucy @kibana-ci