[Search] Basic RBAC for Search Applications & Behavioral Analytics (#…

…203335) ## Summary Moved Search Applications & Behavioral Analytics from the base KibanaFeature to their own so that they can be controlled independently from other parts of the search solution. ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) --------- Co-authored-by: Elastic Machine <[email protected]>
elastic · Dec 10, 2024 · 91337c7 · 91337c7
1 parent 2fb9ef4
commit 91337c7
Show file tree

Hide file tree

Showing 6 changed files with 75 additions and 2 deletions.
diff --git a/x-pack/plugins/enterprise_search/server/plugin.ts b/x-pack/plugins/enterprise_search/server/plugin.ts
@@ -23,6 +23,7 @@ import { KibanaFeatureScope } from '@kbn/features-plugin/common';
 import { FeaturesPluginSetup } from '@kbn/features-plugin/server';
 import { GlobalSearchPluginSetup } from '@kbn/global-search-plugin/server';
 import type { GuidedOnboardingPluginSetup } from '@kbn/guided-onboarding-plugin/server';
+import { i18n } from '@kbn/i18n';
 import type { LicensingPluginStart } from '@kbn/licensing-plugin/public';
 import { LogsSharedPluginSetup } from '@kbn/logs-shared-plugin/server';
 import type { MlPluginSetup } from '@kbn/ml-plugin/server';
@@ -169,12 +170,10 @@ export class EnterpriseSearchPlugin implements Plugin {
       ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.ID,
       ENTERPRISE_SEARCH_CONTENT_PLUGIN.ID,
       ELASTICSEARCH_PLUGIN.ID,
-      ANALYTICS_PLUGIN.ID,
       ...(config.canDeployEntSearch ? [APP_SEARCH_PLUGIN.ID, WORKPLACE_SEARCH_PLUGIN.ID] : []),
       SEARCH_EXPERIENCES_PLUGIN.ID,
       VECTOR_SEARCH_PLUGIN.ID,
       SEMANTIC_SEARCH_PLUGIN.ID,
-      APPLICATIONS_PLUGIN.ID,
       AI_SEARCH_PLUGIN.ID,
     ];
     const isCloud = !!cloud?.cloudId;
@@ -220,6 +219,66 @@ export class EnterpriseSearchPlugin implements Plugin {
         },
       },
     });
+    features.registerKibanaFeature({
+      id: APPLICATIONS_PLUGIN.ID,
+      name: i18n.translate('xpack.enterpriseSearch.applications.featureName', {
+        defaultMessage: 'Search Applications',
+      }),
+      order: 3,
+      category: DEFAULT_APP_CATEGORIES.enterpriseSearch,
+      scope: [KibanaFeatureScope.Spaces, KibanaFeatureScope.Security],
+      app: ['kibana', APPLICATIONS_PLUGIN.ID],
+      catalogue: [APPLICATIONS_PLUGIN.ID],
+      privileges: {
+        all: {
+          app: ['kibana', APPLICATIONS_PLUGIN.ID],
+          api: [],
+          catalogue: [APPLICATIONS_PLUGIN.ID],
+          savedObject: {
+            all: [],
+            read: [],
+          },
+          ui: [],
+        },
+        read: {
+          disabled: true,
+          savedObject: {
+            all: [],
+            read: [],
+          },
+          ui: [],
+        },
+      },
+    });
+    features.registerKibanaFeature({
+      id: ANALYTICS_PLUGIN.ID,
+      name: ANALYTICS_PLUGIN.NAME,
+      order: 4,
+      category: DEFAULT_APP_CATEGORIES.enterpriseSearch,
+      scope: [KibanaFeatureScope.Spaces, KibanaFeatureScope.Security],
+      app: ['kibana', ANALYTICS_PLUGIN.ID],
+      catalogue: [ANALYTICS_PLUGIN.ID],
+      privileges: {
+        all: {
+          app: ['kibana', ANALYTICS_PLUGIN.ID],
+          api: [],
+          catalogue: [ANALYTICS_PLUGIN.ID],
+          savedObject: {
+            all: [],
+            read: [],
+          },
+          ui: [],
+        },
+        read: {
+          disabled: true,
+          savedObject: {
+            all: [],
+            read: [],
+          },
+          ui: [],
+        },
+      },
+    });
 
     /**
      * Register Enterprise Search UI Settings

diff --git a/x-pack/test/api_integration/apis/features/features/features.ts b/x-pack/test/api_integration/apis/features/features/features.ts
@@ -102,6 +102,8 @@ export default function ({ getService }: FtrProviderContext) {
             'dev_tools',
             'actions',
             'enterpriseSearch',
+            'enterpriseSearchApplications',
+            'enterpriseSearchAnalytics',
             'filesManagement',
             'filesSharedImage',
             'advancedSettings',
@@ -154,6 +156,8 @@ export default function ({ getService }: FtrProviderContext) {
           'dev_tools',
           'actions',
           'enterpriseSearch',
+          'enterpriseSearchApplications',
+          'enterpriseSearchAnalytics',
           'filesManagement',
           'filesSharedImage',
           'advancedSettings',

diff --git a/x-pack/test/api_integration/apis/security/privileges.ts b/x-pack/test/api_integration/apis/security/privileges.ts
@@ -181,6 +181,8 @@ export default function ({ getService }: FtrProviderContext) {
         'packs_read',
       ],
       enterpriseSearch: ['all', 'read', 'minimal_all', 'minimal_read'],
+      enterpriseSearchApplications: ['all', 'read', 'minimal_all', 'minimal_read'],
+      enterpriseSearchAnalytics: ['all', 'read', 'minimal_all', 'minimal_read'],
       filesManagement: ['all', 'read', 'minimal_all', 'minimal_read'],
       filesSharedImage: ['all', 'read', 'minimal_all', 'minimal_read'],
       rulesSettings: [

diff --git a/x-pack/test/api_integration/apis/security/privileges_basic.ts b/x-pack/test/api_integration/apis/security/privileges_basic.ts
@@ -44,6 +44,8 @@ export default function ({ getService }: FtrProviderContext) {
             apm: ['all', 'read', 'minimal_all', 'minimal_read'],
             osquery: ['all', 'read', 'minimal_all', 'minimal_read'],
             enterpriseSearch: ['all', 'read', 'minimal_all', 'minimal_read'],
+            enterpriseSearchApplications: ['all', 'read', 'minimal_all', 'minimal_read'],
+            enterpriseSearchAnalytics: ['all', 'read', 'minimal_all', 'minimal_read'],
             ml: ['all', 'read', 'minimal_all', 'minimal_read'],
             siem: ['all', 'read', 'minimal_all', 'minimal_read'],
             securitySolutionAssistant: ['all', 'read', 'minimal_all', 'minimal_read'],
@@ -269,6 +271,8 @@ export default function ({ getService }: FtrProviderContext) {
               'packs_read',
             ],
             enterpriseSearch: ['all', 'read', 'minimal_all', 'minimal_read'],
+            enterpriseSearchApplications: ['all', 'read', 'minimal_all', 'minimal_read'],
+            enterpriseSearchAnalytics: ['all', 'read', 'minimal_all', 'minimal_read'],
             rulesSettings: [
               'all',
               'read',

diff --git a/x-pack/test/spaces_api_integration/spaces_only/telemetry/telemetry.ts b/x-pack/test/spaces_api_integration/spaces_only/telemetry/telemetry.ts
@@ -83,6 +83,8 @@ export default function ({ getService }: FtrProviderContext) {
         monitoring: 0,
         apm: 0,
         enterpriseSearch: 0,
+        enterpriseSearchApplications: 0,
+        enterpriseSearchAnalytics: 0,
         searchInferenceEndpoints: 0,
         searchPlayground: 0,
         siem: 0,

diff --git a/x-pack/test/ui_capabilities/security_and_spaces/tests/nav_links.ts b/x-pack/test/ui_capabilities/security_and_spaces/tests/nav_links.ts
@@ -64,6 +64,8 @@ export default function navLinksTests({ getService }: FtrProviderContext) {
                 'monitoring',
                 'observabilityAIAssistant',
                 'enterpriseSearch',
+                'enterpriseSearchApplications',
+                'enterpriseSearchAnalytics',
                 'searchPlayground',
                 'searchInferenceEndpoints',
                 'guidedOnboardingFeature',