[Security Solution] Fix data view picker privilege #222122

Merged
christineweng merged 1 commit into elastic:main from christineweng:dp-privilege on Jun 3, 2025
christineweng commented May 30, 2025

Summary

Ref: #220587

This PR limits a user's ability to add fields and edit data views based on their access. The behavior of the data view picker now matches the one in Discover.

To test this PR, enable the feature flag newDataViewPickerEnabled.

1. Have access to indices and write access to solutions

  • Add field and Manage data view are displayed
  • When creating a data view, can save and use without saving

2. Have access to indices and read access to solutions

  • Add field and Manage data view are not displayed
  • Can only create ad hoc data views

3. No access to indices and read access to solutions

  • Page content does not show up
  • Cannot create data views (because user has no access to any indices)

Checklist

  • Unit or functional tests were updated or added to match the most common scenarios
  • The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines

christineweng self-assigned this May 30, 2025
christineweng requested a review from a team as a code owner May 30, 2025 21:40
christineweng added the release_note:skip, backport:skip, Team:Threat Hunting:Investigations and v9.1.0 labels May 30, 2025
@elasticmachine

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

christineweng requested a review from a team as a code owner June 2, 2025 21:21
christineweng removed the request for review from a team June 2, 2025 21:21
[scope, selectDataView]
const handleDataViewModified = useMemo(
() =>
canEditDataView
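
Review bot: the `canEditDataView` branch at the top of the `useMemo` body for `handleDataViewModified` means the handler's existence depends on a privilege flag, so `canEditDataView` must be listed in this hook's dependency array, which these lines do not show; without it a handler computed under one privilege level would persist after the flag changes. This branch only decides what the client passes down, so a short comment naming where the edit privilege is enforced beyond this UI gate would help the next reader.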

It could be cleaner to do the check where the fn is passed as the actual prop, but that's a personal preference thing 🤷🏾‍♂️

michaelolo24 left a comment

Nice work. Tested None, Read, and All privileges and the expected behavior where the add and manage functionality is only shown in All is preserved. Nice work!

christineweng enabled auto-merge (squash) June 3, 2025 22:17
christineweng merged commit dd4764b into elastic:main Jun 3, 2025
10 checks passed
@elasticmachine

💛 Build succeeded, but was flaky

Failed CI Steps

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
|----|--------|-------|------|
| securitySolution | 9.3MB | 9.3MB | +111.0B |

History

cc @christineweng

zacharyparikh pushed a commit to zacharyparikh/kibana that referenced this pull request Jun 4, 2025
christineweng added a commit to christineweng/kibana that referenced this pull request Jun 6, 2025
christineweng added a commit that referenced this pull request Jun 10, 2025
… Data View Picker (#210585) (#223044)

# Backport

This will backport the following commits from `main` to `8.19`:
- [[Security Solution][Sourcerer] Replace Sourcerer with Discover Data
View Picker (#210585)](#210585)
- [[Security Solution] Rename use_data_view to use_data_view_spec
#216461](#216461)
- [[Security Solution] Rename use full data view hook
#216614](#216614)
- [[Security Solution] Replace sourcerer in global header
#216685](#216685)
- [[Security Solution] Remove .title use in use_selected_patterns
#216994](#216994)
- [[Security Solution] Render default security solution data view with
managed label #216961](#216961)
- [[Security Solution] Replace sourcerer in analyzer
#218183](#218183)
- [[Security Solution] Replace use_sourcerer_data_view
#216997](#216997)
- [[Security Solution] Replace sourcerer in EQL tab with dataview picker
#218897](#218897)
- [[Security Solution][Sourcerer] replace use get scoped data view
#220196](#220196)
- [[Security Solution] renaming dataView to dataViewSpec and adding
types for clarity
#220718](#220718)
- [[Security Solution][Sourcerer] Maintain url sync support
#221737](#221737)
- [[Security Solution][Data View Manager] Allow passing data view to
query bar #220585](#220585)
- [[Security Solution] Fix data view picker privilege
#222122](#222122)



<!--- Backport version: 10.0.0 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)


---------

Co-authored-by: Luke Gmys <11671118+lgestc@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Philippe Oberti <philippe.oberti@elastic.co>
nickpeihl pushed a commit to nickpeihl/kibana that referenced this pull request Jun 12, 2025