[Entity Analytics] Adding license check to privileged user monitoring routes.#247986
Merged
ymao1 merged 4 commits intoelastic:mainfrom Jan 9, 2026
Merged
[Entity Analytics] Adding license check to privileged user monitoring routes.#247986ymao1 merged 4 commits intoelastic:mainfrom
ymao1 merged 4 commits intoelastic:mainfrom
Conversation
ymao1
changed the title
ymao1
added
release_note:skip
ymao1
changed the title
Contributor
|
Pinging @elastic/security-entity-analytics (Team:Entity Analytics) |
jbudz
approved these changes
Jan 7, 2026
Contributor
Author
|
@elasticmachine merge upstream |
CAWilson94
approved these changes
Jan 9, 2026
Contributor
CAWilson94
left a comment
CAWilson94
left a comment
There was a problem hiding this comment.
Desk tested: looking good!
Can confirm:
- When using basic license, see 403 error
- After switching to trial license - init call and other related privmon endpoints work
- Switching back to basic license, via end trial navigation, results in no longer accessing related calls or data e.g. tested data source access with
GET kbn:/api/entity_analytics/monitoring/entity_source/list
Thanks Ying! 🚀
Contributor
Author
|
@elasticmachine merge upstream |
Contributor
Author
|
@elasticmachine merge upstream |
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]
History
cc @ymao1 |
Contributor
|
Starting backport for target branches: 9.1, 9.2, 9.3 https://github.com/elastic/kibana/actions/runs/20865154798 |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 9, 2026
… routes. (elastic#247986) ## Summary Adds a license check to the route handlers for all the privileged user monitoring routes. This feature should only be available in for `platinum` or `enterprise` licenses. The UI correctly gates on this license and does not show the UI for initializing the engine for `basic` licenses but the direct API calls did not perform any license checks. ## To Verify 1. Start ES using `yarn es snapshot --license basic --ssl` 2. Start Kibana using `yarn start --ssl` 3. Try to initialize the privileged user monitoring engine using the API in Dev Tools. You should receive an error response: <img width="1147" height="162" alt="Screenshot 2026-01-07 at 1 55 40 PM" src="https://github.com/user-attachments/assets/b0bc40a5-4b14-4701-b452-68e1a766b01c" /> 4. Go to license management: `https://localhost:5601/app/management/stack/license_management` and start a trial license. 5. Navigate back to Dev Tools and try the same API call. You should now receive a success response: <img width="978" height="187" alt="Screenshot 2026-01-06 at 1 36 31 PM" src="https://github.com/user-attachments/assets/13989216-5ddd-4495-86c4-1c95ed294bcd" /> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit 661530a)
Contributor
💔 Some backports could not be created
Note: Successful backport PRs will be merged automatically after passing CI. Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
ymao1
added a commit
to ymao1/kibana
that referenced
this pull request
Jan 9, 2026
… routes. (elastic#247986) ## Summary Adds a license check to the route handlers for all the privileged user monitoring routes. This feature should only be available in for `platinum` or `enterprise` licenses. The UI correctly gates on this license and does not show the UI for initializing the engine for `basic` licenses but the direct API calls did not perform any license checks. ## To Verify 1. Start ES using `yarn es snapshot --license basic --ssl` 2. Start Kibana using `yarn start --ssl` 3. Try to initialize the privileged user monitoring engine using the API in Dev Tools. You should receive an error response: <img width="1147" height="162" alt="Screenshot 2026-01-07 at 1 55 40 PM" src="https://github.com/user-attachments/assets/b0bc40a5-4b14-4701-b452-68e1a766b01c" /> 4. Go to license management: `https://localhost:5601/app/management/stack/license_management` and start a trial license. 5. Navigate back to Dev Tools and try the same API call. You should now receive a success response: <img width="978" height="187" alt="Screenshot 2026-01-06 at 1 36 31 PM" src="https://github.com/user-attachments/assets/13989216-5ddd-4495-86c4-1c95ed294bcd" /> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit 661530a) # Conflicts: # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/disable.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/health.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/init.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/monitoring_entity_source/create.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/monitoring_entity_source/delete.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/monitoring_entity_source/get.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/monitoring_entity_source/list.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/monitoring_entity_source/update.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/privileged_access_detection/pad_install.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/schedule_now.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/create.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/delete.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/list.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/upload_csv.ts # x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/utils/index.ts
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
ymao1
added a commit
to ymao1/kibana
that referenced
this pull request
Jan 9, 2026
… routes. (elastic#247986) ## Summary Adds a license check to the route handlers for all the privileged user monitoring routes. This feature should only be available in for `platinum` or `enterprise` licenses. The UI correctly gates on this license and does not show the UI for initializing the engine for `basic` licenses but the direct API calls did not perform any license checks. ## To Verify 1. Start ES using `yarn es snapshot --license basic --ssl` 2. Start Kibana using `yarn start --ssl` 3. Try to initialize the privileged user monitoring engine using the API in Dev Tools. You should receive an error response: <img width="1147" height="162" alt="Screenshot 2026-01-07 at 1 55 40 PM" src="https://github.com/user-attachments/assets/b0bc40a5-4b14-4701-b452-68e1a766b01c" /> 4. Go to license management: `https://localhost:5601/app/management/stack/license_management` and start a trial license. 5. Navigate back to Dev Tools and try the same API call. You should now receive a success response: <img width="978" height="187" alt="Screenshot 2026-01-06 at 1 36 31 PM" src="https://github.com/user-attachments/assets/13989216-5ddd-4495-86c4-1c95ed294bcd" /> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit 661530a) # Conflicts: # x-pack/solutions/security/plugins/security_solution/common/entity_analytics/privileged_user_monitoring/constants.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/engine/initialisation_service.test.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/create_index.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/delete.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/disable.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/health.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/init.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/monitoring_entity_source/create.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/monitoring_entity_source/delete.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/monitoring_entity_source/get.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/monitoring_entity_source/list.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/monitoring_entity_source/update.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/privileged_access_detection/pad_get_installation_status.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/privileged_access_detection/pad_install.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/schedule_now.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/search_indices.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/create.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/delete.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/list.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/update.ts # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/upload_csv.ts # x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/utils/index.ts # x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/utils/privilege_monitoring.ts
kibanamachine
added a commit
that referenced
this pull request
Jan 9, 2026
…toring routes. (#247986) (#248539) # Backport This will backport the following commits from `main` to `9.3`: - [[Entity Analytics] Adding license check to privileged user monitoring routes. (#247986)](#247986) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Ying Mao","email":"ying.mao@elastic.co"},"sourceCommit":{"committedDate":"2026-01-09T20:49:35Z","message":"[Entity Analytics] Adding license check to privileged user monitoring routes. (#247986)\n\n## Summary\n\nAdds a license check to the route handlers for all the privileged user\nmonitoring routes. This feature should only be available in for\n`platinum` or `enterprise` licenses. The UI correctly gates on this\nlicense and does not show the UI for initializing the engine for `basic`\nlicenses but the direct API calls did not perform any license checks.\n\n## To Verify\n1. Start ES using `yarn es snapshot --license basic --ssl`\n2. Start Kibana using `yarn start --ssl`\n3. Try to initialize the privileged user monitoring engine using the API\nin Dev Tools. You should receive an error response:\n<img width=\"1147\" height=\"162\" alt=\"Screenshot 2026-01-07 at 1 55 40 PM\"\nsrc=\"https://github.com/user-attachments/assets/b0bc40a5-4b14-4701-b452-68e1a766b01c\"\n/>\n\n4. Go to license management:\n`https://localhost:5601/app/management/stack/license_management` and\nstart a trial license.\n5. Navigate back to Dev Tools and try the same API call. You should now\nreceive a success response:\n<img width=\"978\" height=\"187\" alt=\"Screenshot 2026-01-06 at 1 36 31 PM\"\nsrc=\"https://github.com/user-attachments/assets/13989216-5ddd-4495-86c4-1c95ed294bcd\"\n/>\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"661530a90b7760d7f97eafbe58a31c3f2cb4361b","branchLabelMapping":{"^v9.4.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Entity Analytics","backport:version","v9.3.0","v9.4.0","v9.2.4","v9.1.10"],"title":"[Entity Analytics] Adding license check to privileged user monitoring routes.","number":247986,"url":"https://github.com/elastic/kibana/pull/247986","mergeCommit":{"message":"[Entity Analytics] Adding license check to privileged user monitoring routes. (#247986)\n\n## Summary\n\nAdds a license check to the route handlers for all the privileged user\nmonitoring routes. This feature should only be available in for\n`platinum` or `enterprise` licenses. The UI correctly gates on this\nlicense and does not show the UI for initializing the engine for `basic`\nlicenses but the direct API calls did not perform any license checks.\n\n## To Verify\n1. Start ES using `yarn es snapshot --license basic --ssl`\n2. Start Kibana using `yarn start --ssl`\n3. Try to initialize the privileged user monitoring engine using the API\nin Dev Tools. You should receive an error response:\n<img width=\"1147\" height=\"162\" alt=\"Screenshot 2026-01-07 at 1 55 40 PM\"\nsrc=\"https://github.com/user-attachments/assets/b0bc40a5-4b14-4701-b452-68e1a766b01c\"\n/>\n\n4. Go to license management:\n`https://localhost:5601/app/management/stack/license_management` and\nstart a trial license.\n5. Navigate back to Dev Tools and try the same API call. You should now\nreceive a success response:\n<img width=\"978\" height=\"187\" alt=\"Screenshot 2026-01-06 at 1 36 31 PM\"\nsrc=\"https://github.com/user-attachments/assets/13989216-5ddd-4495-86c4-1c95ed294bcd\"\n/>\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"661530a90b7760d7f97eafbe58a31c3f2cb4361b"}},"sourceBranch":"main","suggestedTargetBranches":["9.3","9.2","9.1"],"targetPullRequestStates":[{"branch":"9.3","label":"v9.3.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.4.0","branchLabelMappingKey":"^v9.4.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/247986","number":247986,"mergeCommit":{"message":"[Entity Analytics] Adding license check to privileged user monitoring routes. (#247986)\n\n## Summary\n\nAdds a license check to the route handlers for all the privileged user\nmonitoring routes. This feature should only be available in for\n`platinum` or `enterprise` licenses. The UI correctly gates on this\nlicense and does not show the UI for initializing the engine for `basic`\nlicenses but the direct API calls did not perform any license checks.\n\n## To Verify\n1. Start ES using `yarn es snapshot --license basic --ssl`\n2. Start Kibana using `yarn start --ssl`\n3. Try to initialize the privileged user monitoring engine using the API\nin Dev Tools. You should receive an error response:\n<img width=\"1147\" height=\"162\" alt=\"Screenshot 2026-01-07 at 1 55 40 PM\"\nsrc=\"https://github.com/user-attachments/assets/b0bc40a5-4b14-4701-b452-68e1a766b01c\"\n/>\n\n4. Go to license management:\n`https://localhost:5601/app/management/stack/license_management` and\nstart a trial license.\n5. Navigate back to Dev Tools and try the same API call. You should now\nreceive a success response:\n<img width=\"978\" height=\"187\" alt=\"Screenshot 2026-01-06 at 1 36 31 PM\"\nsrc=\"https://github.com/user-attachments/assets/13989216-5ddd-4495-86c4-1c95ed294bcd\"\n/>\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"661530a90b7760d7f97eafbe58a31c3f2cb4361b"}},{"branch":"9.2","label":"v9.2.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.1","label":"v9.1.10","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Ying Mao <ying.mao@elastic.co> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
devamanv
pushed a commit
to devamanv/kibana
that referenced
this pull request
Jan 12, 2026
… routes. (elastic#247986) ## Summary Adds a license check to the route handlers for all the privileged user monitoring routes. This feature should only be available in for `platinum` or `enterprise` licenses. The UI correctly gates on this license and does not show the UI for initializing the engine for `basic` licenses but the direct API calls did not perform any license checks. ## To Verify 1. Start ES using `yarn es snapshot --license basic --ssl` 2. Start Kibana using `yarn start --ssl` 3. Try to initialize the privileged user monitoring engine using the API in Dev Tools. You should receive an error response: <img width="1147" height="162" alt="Screenshot 2026-01-07 at 1 55 40 PM" src="https://github.com/user-attachments/assets/b0bc40a5-4b14-4701-b452-68e1a766b01c" /> 4. Go to license management: `https://localhost:5601/app/management/stack/license_management` and start a trial license. 5. Navigate back to Dev Tools and try the same API call. You should now receive a success response: <img width="978" height="187" alt="Screenshot 2026-01-06 at 1 36 31 PM" src="https://github.com/user-attachments/assets/13989216-5ddd-4495-86c4-1c95ed294bcd" /> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
kibanamachine
added
the
backport missing
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
4 similar comments
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
ymao1
added a commit
that referenced
this pull request
Jan 20, 2026
…toring routes. (#247986) (#248545) # Backport This will backport the following commits from `main` to `9.2`: - [[Entity Analytics] Adding license check to privileged user monitoring routes. (#247986)](#247986) <!--- Backport version: 10.2.0 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Ying Mao","email":"ying.mao@elastic.co"},"sourceCommit":{"committedDate":"2026-01-09T20:49:35Z","message":"[Entity Analytics] Adding license check to privileged user monitoring routes. (#247986)\n\n## Summary\n\nAdds a license check to the route handlers for all the privileged user\nmonitoring routes. This feature should only be available in for\n`platinum` or `enterprise` licenses. The UI correctly gates on this\nlicense and does not show the UI for initializing the engine for `basic`\nlicenses but the direct API calls did not perform any license checks.\n\n## To Verify\n1. Start ES using `yarn es snapshot --license basic --ssl`\n2. Start Kibana using `yarn start --ssl`\n3. Try to initialize the privileged user monitoring engine using the API\nin Dev Tools. You should receive an error response:\n<img width=\"1147\" height=\"162\" alt=\"Screenshot 2026-01-07 at 1 55 40 PM\"\nsrc=\"https://github.com/user-attachments/assets/b0bc40a5-4b14-4701-b452-68e1a766b01c\"\n/>\n\n4. Go to license management:\n`https://localhost:5601/app/management/stack/license_management` and\nstart a trial license.\n5. Navigate back to Dev Tools and try the same API call. You should now\nreceive a success response:\n<img width=\"978\" height=\"187\" alt=\"Screenshot 2026-01-06 at 1 36 31 PM\"\nsrc=\"https://github.com/user-attachments/assets/13989216-5ddd-4495-86c4-1c95ed294bcd\"\n/>\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"661530a90b7760d7f97eafbe58a31c3f2cb4361b","branchLabelMapping":{"^v9.4.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Entity Analytics","backport:version","v9.3.0","v9.4.0","v9.2.4","v9.1.10"],"title":"[Entity Analytics] Adding license check to privileged user monitoring routes.","number":247986,"url":"https://github.com/elastic/kibana/pull/247986","mergeCommit":{"message":"[Entity Analytics] Adding license check to privileged user monitoring routes. (#247986)\n\n## Summary\n\nAdds a license check to the route handlers for all the privileged user\nmonitoring routes. This feature should only be available in for\n`platinum` or `enterprise` licenses. The UI correctly gates on this\nlicense and does not show the UI for initializing the engine for `basic`\nlicenses but the direct API calls did not perform any license checks.\n\n## To Verify\n1. Start ES using `yarn es snapshot --license basic --ssl`\n2. Start Kibana using `yarn start --ssl`\n3. Try to initialize the privileged user monitoring engine using the API\nin Dev Tools. You should receive an error response:\n<img width=\"1147\" height=\"162\" alt=\"Screenshot 2026-01-07 at 1 55 40 PM\"\nsrc=\"https://github.com/user-attachments/assets/b0bc40a5-4b14-4701-b452-68e1a766b01c\"\n/>\n\n4. Go to license management:\n`https://localhost:5601/app/management/stack/license_management` and\nstart a trial license.\n5. Navigate back to Dev Tools and try the same API call. You should now\nreceive a success response:\n<img width=\"978\" height=\"187\" alt=\"Screenshot 2026-01-06 at 1 36 31 PM\"\nsrc=\"https://github.com/user-attachments/assets/13989216-5ddd-4495-86c4-1c95ed294bcd\"\n/>\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"661530a90b7760d7f97eafbe58a31c3f2cb4361b"}},"sourceBranch":"main","suggestedTargetBranches":["9.2","9.1"],"targetPullRequestStates":[{"branch":"9.3","label":"v9.3.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/248539","number":248539,"state":"OPEN"},{"branch":"main","label":"v9.4.0","branchLabelMappingKey":"^v9.4.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/247986","number":247986,"mergeCommit":{"message":"[Entity Analytics] Adding license check to privileged user monitoring routes. (#247986)\n\n## Summary\n\nAdds a license check to the route handlers for all the privileged user\nmonitoring routes. This feature should only be available in for\n`platinum` or `enterprise` licenses. The UI correctly gates on this\nlicense and does not show the UI for initializing the engine for `basic`\nlicenses but the direct API calls did not perform any license checks.\n\n## To Verify\n1. Start ES using `yarn es snapshot --license basic --ssl`\n2. Start Kibana using `yarn start --ssl`\n3. Try to initialize the privileged user monitoring engine using the API\nin Dev Tools. You should receive an error response:\n<img width=\"1147\" height=\"162\" alt=\"Screenshot 2026-01-07 at 1 55 40 PM\"\nsrc=\"https://github.com/user-attachments/assets/b0bc40a5-4b14-4701-b452-68e1a766b01c\"\n/>\n\n4. Go to license management:\n`https://localhost:5601/app/management/stack/license_management` and\nstart a trial license.\n5. Navigate back to Dev Tools and try the same API call. You should now\nreceive a success response:\n<img width=\"978\" height=\"187\" alt=\"Screenshot 2026-01-06 at 1 36 31 PM\"\nsrc=\"https://github.com/user-attachments/assets/13989216-5ddd-4495-86c4-1c95ed294bcd\"\n/>\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"661530a90b7760d7f97eafbe58a31c3f2cb4361b"}},{"branch":"9.2","label":"v9.2.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.1","label":"v9.1.10","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
ymao1
added a commit
that referenced
this pull request
Jan 20, 2026
…toring routes. (#247986) (#248547) # Backport This will backport the following commits from `main` to `9.1`: - [[Entity Analytics] Adding license check to privileged user monitoring routes. (#247986)](#247986) <!--- Backport version: 10.2.0 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Ying Mao","email":"ying.mao@elastic.co"},"sourceCommit":{"committedDate":"2026-01-09T20:49:35Z","message":"[Entity Analytics] Adding license check to privileged user monitoring routes. (#247986)\n\n## Summary\n\nAdds a license check to the route handlers for all the privileged user\nmonitoring routes. This feature should only be available in for\n`platinum` or `enterprise` licenses. The UI correctly gates on this\nlicense and does not show the UI for initializing the engine for `basic`\nlicenses but the direct API calls did not perform any license checks.\n\n## To Verify\n1. Start ES using `yarn es snapshot --license basic --ssl`\n2. Start Kibana using `yarn start --ssl`\n3. Try to initialize the privileged user monitoring engine using the API\nin Dev Tools. You should receive an error response:\n<img width=\"1147\" height=\"162\" alt=\"Screenshot 2026-01-07 at 1 55 40 PM\"\nsrc=\"https://github.com/user-attachments/assets/b0bc40a5-4b14-4701-b452-68e1a766b01c\"\n/>\n\n4. Go to license management:\n`https://localhost:5601/app/management/stack/license_management` and\nstart a trial license.\n5. Navigate back to Dev Tools and try the same API call. You should now\nreceive a success response:\n<img width=\"978\" height=\"187\" alt=\"Screenshot 2026-01-06 at 1 36 31 PM\"\nsrc=\"https://github.com/user-attachments/assets/13989216-5ddd-4495-86c4-1c95ed294bcd\"\n/>\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"661530a90b7760d7f97eafbe58a31c3f2cb4361b","branchLabelMapping":{"^v9.4.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Entity Analytics","backport:version","v9.3.0","v9.4.0","v9.2.4","v9.1.10"],"title":"[Entity Analytics] Adding license check to privileged user monitoring routes.","number":247986,"url":"https://github.com/elastic/kibana/pull/247986","mergeCommit":{"message":"[Entity Analytics] Adding license check to privileged user monitoring routes. (#247986)\n\n## Summary\n\nAdds a license check to the route handlers for all the privileged user\nmonitoring routes. This feature should only be available in for\n`platinum` or `enterprise` licenses. The UI correctly gates on this\nlicense and does not show the UI for initializing the engine for `basic`\nlicenses but the direct API calls did not perform any license checks.\n\n## To Verify\n1. Start ES using `yarn es snapshot --license basic --ssl`\n2. Start Kibana using `yarn start --ssl`\n3. Try to initialize the privileged user monitoring engine using the API\nin Dev Tools. You should receive an error response:\n<img width=\"1147\" height=\"162\" alt=\"Screenshot 2026-01-07 at 1 55 40 PM\"\nsrc=\"https://github.com/user-attachments/assets/b0bc40a5-4b14-4701-b452-68e1a766b01c\"\n/>\n\n4. Go to license management:\n`https://localhost:5601/app/management/stack/license_management` and\nstart a trial license.\n5. Navigate back to Dev Tools and try the same API call. You should now\nreceive a success response:\n<img width=\"978\" height=\"187\" alt=\"Screenshot 2026-01-06 at 1 36 31 PM\"\nsrc=\"https://github.com/user-attachments/assets/13989216-5ddd-4495-86c4-1c95ed294bcd\"\n/>\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"661530a90b7760d7f97eafbe58a31c3f2cb4361b"}},"sourceBranch":"main","suggestedTargetBranches":["9.2","9.1"],"targetPullRequestStates":[{"branch":"9.3","label":"v9.3.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/248539","number":248539,"state":"OPEN"},{"branch":"main","label":"v9.4.0","branchLabelMappingKey":"^v9.4.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/247986","number":247986,"mergeCommit":{"message":"[Entity Analytics] Adding license check to privileged user monitoring routes. (#247986)\n\n## Summary\n\nAdds a license check to the route handlers for all the privileged user\nmonitoring routes. This feature should only be available in for\n`platinum` or `enterprise` licenses. The UI correctly gates on this\nlicense and does not show the UI for initializing the engine for `basic`\nlicenses but the direct API calls did not perform any license checks.\n\n## To Verify\n1. Start ES using `yarn es snapshot --license basic --ssl`\n2. Start Kibana using `yarn start --ssl`\n3. Try to initialize the privileged user monitoring engine using the API\nin Dev Tools. You should receive an error response:\n<img width=\"1147\" height=\"162\" alt=\"Screenshot 2026-01-07 at 1 55 40 PM\"\nsrc=\"https://github.com/user-attachments/assets/b0bc40a5-4b14-4701-b452-68e1a766b01c\"\n/>\n\n4. Go to license management:\n`https://localhost:5601/app/management/stack/license_management` and\nstart a trial license.\n5. Navigate back to Dev Tools and try the same API call. You should now\nreceive a success response:\n<img width=\"978\" height=\"187\" alt=\"Screenshot 2026-01-06 at 1 36 31 PM\"\nsrc=\"https://github.com/user-attachments/assets/13989216-5ddd-4495-86c4-1c95ed294bcd\"\n/>\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"661530a90b7760d7f97eafbe58a31c3f2cb4361b"}},{"branch":"9.2","label":"v9.2.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.1","label":"v9.1.10","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
kibanamachine
added
v9.1.11
and removed
backport missing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a license check to the route handlers for all the privileged user monitoring routes. This feature should only be available in for
platinumorenterpriselicenses. The UI correctly gates on this license and does not show the UI for initializing the engine forbasiclicenses but the direct API calls did not perform any license checks.To Verify
yarn es snapshot --license basic --sslyarn start --sslhttps://localhost:5601/app/management/stack/license_managementand start a trial license.