From d7c551745bf854e8e2a5a4d6ad1715850fdef435 Mon Sep 17 00:00:00 2001
From: Elena Shostak <165678770+elena-shostak@users.noreply.github.com>
Date: Thu, 10 Oct 2024 14:40:15 +0200
Subject: [PATCH] [Authz] Adjusted forbidden message for new security route
 configuration (#195368)

## Summary

Adjusted forbidden message for new security route configuration to be
consistent with ES.

__Closes: https://github.com/elastic/kibana/issues/195365__

(cherry picked from commit 2759994e2d53b294a3a049f69bd56fc2e8477e77)
---
 .../server/authorization/api_authorization.ts    | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/x-pack/plugins/security/server/authorization/api_authorization.ts b/x-pack/plugins/security/server/authorization/api_authorization.ts
index ba38d9ca0aa20..9c67ff8bdff8b 100644
--- a/x-pack/plugins/security/server/authorization/api_authorization.ts
+++ b/x-pack/plugins/security/server/authorization/api_authorization.ts
@@ -87,17 +87,17 @@ export function initAPIAuthorization(
           const missingPrivileges = Object.keys(kibanaPrivileges).filter(
             (key) => !kibanaPrivileges[key]
           );
-          logger.warn(
-            `User not authorized for "${request.url.pathname}${
-              request.url.search
-            }", responding with 403: missing privileges: ${missingPrivileges.join(', ')}`
-          );
+          const forbiddenMessage = `API [${request.route.method.toUpperCase()} ${
+            request.url.pathname
+          }${
+            request.url.search
+          }] is unauthorized for user, this action is granted by the Kibana privileges [${missingPrivileges}]`;
+
+          logger.warn(forbiddenMessage);
 
           return response.forbidden({
             body: {
-              message: `User not authorized for ${request.url.pathname}${
-                request.url.search
-              }, missing privileges: ${missingPrivileges.join(', ')}`,
+              message: forbiddenMessage,
             },
           });
         }