[Guided onboarding] Handle missing permissions #149132
Comments
Pinging @elastic/platform-onboarding (Team:Journey/Onboarding)
How visible do we want to make this failure -- are we certain we need to surface this error to users at all? I'm wondering if it wouldn't be better to hide the guided onboarding entirely if a user doesn't have the right permissions, or perhaps store a user's progress in local storage as a fallback for when they don't have the right permissions.
Since this scenario is an expected state for many users, I would consider either doing this check entirely on the server (& returning a 200 to the client with instructions on what to render in that case), or exposing a separate route to perform the authz check and then returning 403 from the existing route in case you forget to do the check. That way the Kibana APIs aren't constantly filling the logs with errors.
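The second option suggested in the comment above, sketched as an added example that is not part of the thread or of Kibana's code: a separate authz probe that answers 200 with a render instruction, while the state route still returns 403 on its own. The route functions, the privilege string and the sample users are hypothetical.

```typescript
// Added illustration. Function names, the privilege string and the users
// below are hypothetical and are not Kibana APIs.
type Privilege = "guidedOnboarding:write";
interface User { name: string; privileges: Privilege[] }
interface Reply { status: number; body: Record<string, unknown> }

const REQUIRED: Privilege = "guidedOnboarding:write";
const errorLog: string[] = []; // stands in for the server error log

function hasAccess(user: User): boolean {
  return user.privileges.indexOf(REQUIRED) !== -1;
}

// Authz probe: a missing permission is an expected state, so the reply is
// a 200 that tells the client what to render, and nothing is logged as an error.
function getCapabilities(user: User): Reply {
  return { status: 200, body: { guidedOnboarding: hasAccess(user) ? "enabled" : "hidden" } };
}

// State route: enforces the same check itself, so a caller that skips the
// probe gets a 403 instead of a failed saved-object write.
function putState(user: User, state: Record<string, unknown>): Reply {
  if (!hasAccess(user)) {
    errorLog.push(`403 PUT state user=${user.name}`);
    return { status: 403, body: { message: "missing privilege" } };
  }
  return { status: 200, body: { saved: state } };
}

// Client: asks the probe first and only calls the state route when enabled.
function clientSaveProgress(user: User, state: Record<string, unknown>): string {
  const caps = getCapabilities(user);
  if (caps.body.guidedOnboarding !== "enabled") return "hidden";
  return putState(user, state).status === 200 ? "saved" : "error";
}

// Constructed sample users.
const editorUser: User = { name: "editor_user", privileges: [REQUIRED] };
const viewerUser: User = { name: "viewer_user", privileges: [] };
```

A client that follows the probe never triggers the 403 path, so `errorLog` only grows when a caller bypasses the check.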
## Summary

Fixes #149132

This PR adds a Kibana feature for the guided onboarding plugin for better permissions handling. By default `kibana_admin` and `editor` roles are granted access to guided onboarding. The role `viewer` on the other hand doesn't have enough permissions to see or use guided onboarding. For any roles that don't have the correct permissions, guided onboarding is completely disabled, the same as it's disabled on-prem. When creating a new role, the feature "Setup guides" can be enabled or disabled.

### How to test

1. Add `xpack.cloud.id: 'testID'` to `/config/kibana.dev.yml`
1. Start ES with `yarn es snapshot` and Kibana with `yarn start`
2. Login as elastic and create a test user with the role `viewer`
3. Clear everything from your browser's local storage
4. Login as the test user and check the following
   - On the first visit, the "on-prem" welcome message is shown (not the guided onboarding landing page)
   - The url `/app/home#/getting_started` is unknown and redirects back to the home page
   - There is no button "Setup guides" in the header
   - There is no link "Setup guides" in the help menu

### Checklist

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
If the user doesn't have permission to create or change saved objects that hold the state for guided onboarding, some API requests will fail and the UI will display an error. We should check for the needed permissions when handling the API requests and correctly display a message about missing permissions in the UI.
How to reproduce