Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Observability Overview page shows unusable buttons to read-only users #106621

Open
jportner opened this issue Jul 22, 2021 · 0 comments
Open

Observability Overview page shows unusable buttons to read-only users #106621

jportner opened this issue Jul 22, 2021 · 0 comments
Labels
bug Fixes for quality problems that affect the customer experience Team:Observability Team label for Observability Team (for things that are handled across all of observability)

Comments

@jportner
Copy link
Contributor

jportner commented Jul 22, 2021
edited
Loading

Kibana version: 7.14.0 and earlier

Describe the bug:

As a read-only user of any observability feature, you can access the Observability Overview page. However, that page shows many options that regular users cannot actually accomplish.

Steps to reproduce:

  1. Create a minimal role, grant it only Read access to the Logs feature
  2. Create a user and assign it the new role
  3. Log in as the new user
  4. Navigate to the Observability Overview page
  5. Observe several unusable UI elements: "Install Filebeat", "Install Agent", "Install Metricbeat", "Install Heartbeat", "Install RUM Agent", "Create rule".

Expected behavior:

UI elements should be hidden or grayed out with an appropriate tooltip if the user does not have the required privileges to use that workflow.

Screenshots (if relevant):

Screenshot 1:
image

Screenshot 2:
image

Additional context

  1. It looks like the "Install X" buttons are all derived from the Home app. I opened a separate issue for that: [Home] Home app shows unusable controls to under-privileged users #106569
  2. "Install Agent" and "Install RUM Agent" both end directing the user to the APM app, so those should require APM access?
  3. "Install Heartbeat" ends with directing the user to the Uptime app, so that should require Uptime access?
  4. There are several 403 errors in the network tab when viewing this page as a read-only user (see Screenshot 2 above)
@jportner jportner added the bug Fixes for quality problems that affect the customer experience label Jul 22, 2021
@botelastic botelastic bot added the needs-team Issues missing a team label label Jul 22, 2021
@jportner jportner mentioned this issue Jul 22, 2021
Open
@jportner jportner added the Team:Observability Team label for Observability Team (for things that are handled across all of observability) label Jul 22, 2021
@botelastic botelastic bot removed the needs-team Issues missing a team label label Jul 22, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Fixes for quality problems that affect the customer experience Team:Observability Team label for Observability Team (for things that are handled across all of observability)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jportner