[Security Solution] Fix AlertPrivileges UI hook to use new RBAC features by rylnd · Pull Request #246254 · elastic/kibana

rylnd · 2025-12-12T19:18:40Z

Summary

This hook, used by a few UI components, was incorrectly still relying on the general SIEM/Security kibana feature for determining access to alerts; it should have been updated to use the new SecurityRulesV1 feature (#239634), instead (which for 9.3 contains the Alerts privileges, and will be split into its own privileges in a later release).

This updates the hook appropriately, as well as removes some unused mocks that were referencing the hold hasSiem* values. Given that the hook was meant specifically for checking alerts privileges, there were/are no legitimate uses of the SIEM/Security feature in this hook.

How To Review

The following components previously required Security:Read permissions. They've now been updated to require RulesV1:Read permissions.

Explore > [Hosts|Network|Users] > [Host|Network|User] Detail Page
- AlertsByStatus (aka "Alerts by Severity") Panel
- AlertCountbyRuleStatus (aka "Alerts by Rule") Panel
Dashboards > Overview Page
- "Alert trend" Panel
Dashboards > Detection & Response Page
- AlertsByStatus (aka "Alerts") Panel

Example: `AlertsByStatus` and `AlertCountByRuleStatus` Panels on User Detail Page:

Checklist

Unit or functional tests were updated or added to match the most common scenarios
This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The release_note:breaking label should be applied in these situations.
The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines
Review the backport guidelines and apply applicable backport:* labels.

This hook, used by a few UI components, was incorrectly still relying on the general SIEM/Security kibana feature for determining access to alerts; it should have been updated to use the new SecurityRulesV1 feature, instead (which for 9.3 contains the Alerts privileges, and will be split into its own privileges in a later release). This updates the hook appropriately, as well as removes some unused mocks that were referencing the hold `hasSiem*` values. Given that the hook was meant specifically for checking alerts privileges, there were/are no legitimate uses of the SIEM/Security feature in this hook.

elasticmachine · 2025-12-12T21:20:50Z

Pinging @elastic/security-detection-engine (Team:Detection Engine)

PhilippeOberti

Code review only, LGTM for the @elastic/security-threat-hunting-investigations team

hop-dev

🚀

elasticmachine · 2025-12-15T21:36:32Z

💛 Build succeeded, but was flaky

Buildkite Build
Commit: 4a27935

Failed CI Steps

FTR Configs #41

Test Failures

[job] [logs] FTR Configs #41 / Serverless Observability - Deployment-agnostic AI Assistant API integration tests observability AI Assistant tool: retrieve_elastic_doc POST /internal/observability_ai_assistant/chat/complete The second request - Sending the user prompt should send 1 document to the llm

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
`securitySolution`	10.7MB	10.7MB	+20.0B

History

💔 Build #373250 failed 908921c
💔 Build #372969 failed a24a619

cc @rylnd

kibanamachine · 2025-12-22T21:20:59Z

Starting backport for target branches: 9.3

https://github.com/elastic/kibana/actions/runs/20444299632

kibanamachine · 2026-01-06T04:48:45Z