[EDR Workflows] Fix endpoint exception RBAC UI issues#235119
Merged
tomsonpl merged 21 commits intoelastic:mainfrom Sep 26, 2025
Merged
[EDR Workflows] Fix endpoint exception RBAC UI issues#235119tomsonpl merged 21 commits intoelastic:mainfrom
tomsonpl merged 21 commits intoelastic:mainfrom
Conversation
gergoabraham
added
release_note:skip
gergoabraham
force-pushed
the
fix-endpoint-exception-rbac-ui-issues
branch
from
d4ceb9d to
b33334e
Compare
gergoabraham
added
ci:build-cloud-image
ci:build-serverless-image
ci:cloud-deploy
4 tasks
Contributor
|
Cloud deployment initiated, see credentials at: https://buildkite.com/elastic/kibana-deploy-cloud-from-pr/builds/423 |
Contributor
|
Project deployed, see credentials at: https://buildkite.com/elastic/kibana-deploy-project-from-pr/builds/599 |
This was
linked to
issues
Sep 17, 2025
gergoabraham
force-pushed
the
fix-endpoint-exception-rbac-ui-issues
branch
from
f7a0e8b to
f5c6e85
Compare
gergoabraham
force-pushed
the
fix-endpoint-exception-rbac-ui-issues
branch
from
f5c6e85 to
00c94ec
Compare
|
Hi @gergoabraham , We have validated this ticket on latest 9.2.0-serverless-PR builds and below are the observations Login Credentials
Below are the Testing Details :Build Details: Detailed Observations with Screen-captures for 9.2.0-Serverless:
abc.mp4
Detection.rules.SIEM.-.Kibana.-.Google.Chrome.2025-09-17.17-45-08.mp4
Get.started.-.Kibana.-.Google.Chrome.2025-09-17.17-54-58.mp4
Shared.exception.lists.-.Kibana.-.Google.Chrome.2025-09-17.17-50-37.mp4
Alerts.-.Kibana.-.Google.Chrome.2025-09-17.18-00-53.mp4Hence we are marking it as QA Validated Thanks !! |
maximpn
reviewed
Sep 18, 2025
Contributor
maximpn
left a comment
maximpn
left a comment
There was a problem hiding this comment.
@gergoabraham Thanks for fixing RBAC UI inconsistencies 🙏
And thanks a lot for the detailed PR description with before/after videos 👍 I significantly helps to grasp the difference.
The diff is minimal and overall I don't have critical comments. However, disabled actions like buttons may be puzzling for users. The best practice is to provide explanation tooltips or hide actions from the screens.
PhilippeOberti
approved these changes
Sep 18, 2025
Contributor
PhilippeOberti
left a comment
PhilippeOberti
left a comment
There was a problem hiding this comment.
Code review only, it would be nice to add some unit tests for the useAlertExceptionActions hook.
Contributor
Author
thanks for the review @PhilippeOberti, added unit test: |
maximpn
approved these changes
Sep 19, 2025
Contributor
maximpn
left a comment
maximpn
left a comment
There was a problem hiding this comment.
@gergoabraham Thanks for addressing my comments 👍
Contributor
💔 Build Failed
Failed CI StepsMetrics [docs]Async chunks
History
|
niros1
pushed a commit
that referenced
this pull request
Sep 30, 2025
rylnd
pushed a commit
to rylnd/kibana
that referenced
this pull request
Oct 17, 2025
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
gergoabraham
added a commit
to gergoabraham/kibana
that referenced
this pull request
Nov 21, 2025
(cherry picked from commit 7464924) # Conflicts: # x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_exception_actions.tsx
gergoabraham
added a commit
that referenced
this pull request
Nov 21, 2025
…#243768) # Backport This will backport the following commits from `main` to `9.1`: - [[EDR Workflows] Fix endpoint exception RBAC UI issues (#235119)](#235119) <!--- Backport version: 10.2.0 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Gergő Ábrahám","email":"gergo.abraham@elastic.co"},"sourceCommit":{"committedDate":"2025-09-26T07:41:45Z","message":"[EDR Workflows] Fix endpoint exception RBAC UI issues (#235119)","sha":"74649249be16d255d67248c7559f7fbb67e28263","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport:skip","Team:Defend Workflows","QA:Validated","ci:cloud-deploy","ci:project-deploy-security","v9.2.0"],"title":"[EDR Workflows] Fix endpoint exception RBAC UI issues","number":235119,"url":"https://github.com/elastic/kibana/pull/235119","mergeCommit":{"message":"[EDR Workflows] Fix endpoint exception RBAC UI issues (#235119)","sha":"74649249be16d255d67248c7559f7fbb67e28263"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/235119","number":235119,"mergeCommit":{"message":"[EDR Workflows] Fix endpoint exception RBAC UI issues (#235119)","sha":"74649249be16d255d67248c7559f7fbb67e28263"}}]}] BACKPORT-->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
should be merged on the same week as:
siemV4for 9.2 #233433Summary
As Endpoint Exception sub-feature privilege, which has been only available on Serverless, is now being added to ESS as well, it is time fix some discrepancies on UI around user access for rule exceptions and endpoint exceptions.
Fortunately, these issues seem to be UI only, on API side the correct privileges are used.
🟢 Shared exception lists page
Lists and exceptions now can be edited only if the user has the correct privilege:
Some scenarios:
Security:ALL & Endpoint Exceptions:READ
video
Screen.Recording.2025-09-15.at.18.58.48.mov
Security:READ & Endpoint Exceptions:ALL
video
Screen.Recording.2025-09-15.at.19.00.28.mov
Import and create buttons
They used to be shown even with READ privileges.
🟢 List detail page
Same changes. Also, 'Link Rules' button is now hidden for Rule exceptions with Security:READ privilege.
Some scenarios:
Security:ALL & Endpoint Exceptions:READ
video
Screen.Recording.2025-09-15.at.19.04.38.mov
Security:READ & Endpoint Exceptions:ALL
video
Screen.Recording.2025-09-15.at.19.05.12.mov
Also,
Link rulesbutton is now disabled for Rule exceptions with Security:READ🟢 Rule page - Rule exceptions and Endpoint exceptions tabs
Security:ALL & Endpoint Exceptions:READ
video
Screen.Recording.2025-09-16.at.15.29.36.mov
Security:READ & Endpoint Exceptions:ALL
video
Screen.Recording.2025-09-16.at.15.28.13.mov
🟢 Alerts page - alert context menu
🟢 Alert flyout - take action menu
Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.