[APM] Unauthorized Services Visible in APM Service Inventory Due to Alerts #198497
Assignees
Labels
bug
Fixes for quality problems that affect the customer experience
sdh-linked
Team:obs-ux-infra_services
Observability Infrastructure & Services User Experience Team
Comments
cauemarcondes
added
bug
|
Pinging @elastic/obs-ux-infra_services-team (Team:obs-ux-infra_services) |
|
it's worth mentioning
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Services that users lack access permissions for are currently visible in the APM Service inventory when triggered by alerts. This unintended behaviour exposes unauthorized services to users, compromising access restrictions.
The expected behaviour is for APM to exclude services from alerts if the user does not have access, similar to how access is managed in ML. This issue aims to adjust alert handling in APM to ensure that only authorized services are visible in the Service inventory.
The last two services are only listed because they have alerts, as seen there are no APM metrics available.
Solution:
We must apply the same filtering as done on services coming from ML https://github.com/elastic/kibana/blob/main/x-pack/plugins/observability_solution/apm/server/routes/services/get_services/merge_service_stats.ts#L52-L54
The text was updated successfully, but these errors were encountered: