[SecuritySolution] Add a privileges check callout to priv mon page#227176
Merged
machadoum merged 16 commits intoelastic:mainfrom Jul 11, 2025
Merged
[SecuritySolution] Add a privileges check callout to priv mon page#227176machadoum merged 16 commits intoelastic:mainfrom
machadoum merged 16 commits intoelastic:mainfrom
Conversation
machadoum
added
release_note:skip
Contributor
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Contributor
|
Pinging @elastic/security-entity-analytics (Team:Entity Analytics) |
hop-dev
approved these changes
Jul 9, 2025
Contributor
hop-dev
left a comment
hop-dev
left a comment
There was a problem hiding this comment.
It is working 👍 Couple small comments
I wonder if we should make the rest of the page less broken though? E.g the risk score panel not in an error state and less toasts?
...ons/security/plugins/security_solution/common/entity_analytics/privilege_monitoring/utils.ts
Outdated
Show resolved
Hide resolved
...gins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/privileges.ts
Outdated
Show resolved
Hide resolved
machadoum
commented
Jul 9, 2025
| defaultMessage="You do not have the necessary permissions to enable or view the Asset Inventory. To access this feature, please contact your administrator to request the appropriate permissions." | ||
| /> | ||
| </p> | ||
| {privileges ? <MissingPrivilegesCallout privileges={privileges} /> : null} |
Member
Author
There was a problem hiding this comment.
I just renamed the component
maxcold
approved these changes
Jul 10, 2025
Contributor
maxcold
left a comment
maxcold
left a comment
There was a problem hiding this comment.
asset_inventory change looks good to me
natasha-moore-elastic
approved these changes
Jul 10, 2025
Contributor
natasha-moore-elastic
left a comment
natasha-moore-elastic
left a comment
There was a problem hiding this comment.
LGTM, just left one question and a couple of optional suggestions, thanks!
...ns/security_solution/public/entity_analytics/components/privileged_user_monitoring/index.tsx
Outdated
Show resolved
Hide resolved
…ity_analytics/components/privileged_user_monitoring/index.tsx Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
leemthompo
approved these changes
Jul 11, 2025
Contributor
|
Starting backport for target branches: 9.1 https://github.com/elastic/kibana/actions/runs/16220671335 |
Contributor
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
Page load bundle
History
cc @machadoum |
kibanamachine
added a commit
to kibanamachine/kibana
that referenced
this pull request
Jul 11, 2025
…lastic#227176) ## Summary Add a privileges check callout to priv mon page    ### How to test 1. On a kibana instance with an admin user 2. Add priv mon data and install ML jobs 2.1 Run the `privileged-user-monitoring` command from the `security-documents-generator` repo 3. Open the priv mon page and make sure everything is displayed 4. Create a test role with access to the data view indices but nothing more 5. Create a user with the role 6. Log in on an anonymous tab with the created user 7. Open the privmon page 8. The callout should be displayed 9. If you add privileges to the indices listed in the callout, the callout should disappear, and the dashboard should be displayed without any errors ### Checklist Reviewers should verify this PR satisfies this list as well. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> (cherry picked from commit 4965cf5)
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Jul 11, 2025
…age (#227176) (#227654) # Backport This will backport the following commits from `main` to `9.1`: - [[SecuritySolution] Add a privileges check callout to priv mon page (#227176)](#227176) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Pablo Machado","email":"pablo.nevesmachado@elastic.co"},"sourceCommit":{"committedDate":"2025-07-11T13:01:24Z","message":"[SecuritySolution] Add a privileges check callout to priv mon page (#227176)\n\n## Summary\n\nAdd a privileges check callout to priv mon page\n\n\n\n\n\n\n\n\n### How to test\n1. On a kibana instance with an admin user\n2. Add priv mon data and install ML jobs\n2.1 Run the `privileged-user-monitoring` command from the\n`security-documents-generator` repo\n3. Open the priv mon page and make sure everything is displayed\n4. Create a test role with access to the data view indices but nothing\nmore\n5. Create a user with the role\n6. Log in on an anonymous tab with the created user\n7. Open the privmon page\n8. The callout should be displayed\n9. If you add privileges to the indices listed in the callout, the\ncallout should disappear, and the dashboard should be displayed without\nany errors\n\n\n\n### Checklist\n\nReviewers should verify this PR satisfies this list as well.\n\n- [ ] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>","sha":"4965cf54e23e276bd7f93e5fd713add8b8af9c13","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team: SecuritySolution","Feature:Entity Analytics","Team:Entity Analytics","backport:version","v9.1.0","v9.2.0"],"title":"[SecuritySolution] Add a privileges check callout to priv mon page","number":227176,"url":"https://github.com/elastic/kibana/pull/227176","mergeCommit":{"message":"[SecuritySolution] Add a privileges check callout to priv mon page (#227176)\n\n## Summary\n\nAdd a privileges check callout to priv mon page\n\n\n\n\n\n\n\n\n### How to test\n1. On a kibana instance with an admin user\n2. Add priv mon data and install ML jobs\n2.1 Run the `privileged-user-monitoring` command from the\n`security-documents-generator` repo\n3. Open the priv mon page and make sure everything is displayed\n4. Create a test role with access to the data view indices but nothing\nmore\n5. Create a user with the role\n6. Log in on an anonymous tab with the created user\n7. Open the privmon page\n8. The callout should be displayed\n9. If you add privileges to the indices listed in the callout, the\ncallout should disappear, and the dashboard should be displayed without\nany errors\n\n\n\n### Checklist\n\nReviewers should verify this PR satisfies this list as well.\n\n- [ ] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>","sha":"4965cf54e23e276bd7f93e5fd713add8b8af9c13"}},"sourceBranch":"main","suggestedTargetBranches":["9.1"],"targetPullRequestStates":[{"branch":"9.1","label":"v9.1.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/227176","number":227176,"mergeCommit":{"message":"[SecuritySolution] Add a privileges check callout to priv mon page (#227176)\n\n## Summary\n\nAdd a privileges check callout to priv mon page\n\n\n\n\n\n\n\n\n### How to test\n1. On a kibana instance with an admin user\n2. Add priv mon data and install ML jobs\n2.1 Run the `privileged-user-monitoring` command from the\n`security-documents-generator` repo\n3. Open the priv mon page and make sure everything is displayed\n4. Create a test role with access to the data view indices but nothing\nmore\n5. Create a user with the role\n6. Log in on an anonymous tab with the created user\n7. Open the privmon page\n8. The callout should be displayed\n9. If you add privileges to the indices listed in the callout, the\ncallout should disappear, and the dashboard should be displayed without\nany errors\n\n\n\n### Checklist\n\nReviewers should verify this PR satisfies this list as well.\n\n- [ ] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>","sha":"4965cf54e23e276bd7f93e5fd713add8b8af9c13"}}]}] BACKPORT--> Co-authored-by: Pablo Machado <pablo.nevesmachado@elastic.co> Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
kertal
pushed a commit
to kertal/kibana
that referenced
this pull request
Jul 25, 2025
…lastic#227176) ## Summary Add a privileges check callout to priv mon page    ### How to test 1. On a kibana instance with an admin user 2. Add priv mon data and install ML jobs 2.1 Run the `privileged-user-monitoring` command from the `security-documents-generator` repo 3. Open the priv mon page and make sure everything is displayed 4. Create a test role with access to the data view indices but nothing more 5. Create a user with the role 6. Log in on an anonymous tab with the created user 7. Open the privmon page 8. The callout should be displayed 9. If you add privileges to the indices listed in the callout, the callout should disappear, and the dashboard should be displayed without any errors ### Checklist Reviewers should verify this PR satisfies this list as well. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add a privileges check callout to priv mon page
How to test
2.1 Run the
privileged-user-monitoringcommand from thesecurity-documents-generatorrepoChecklist
Reviewers should verify this PR satisfies this list as well.