Error with a readonly user for Fleet #191750
Labels
bug
Fixes for quality problems that affect the customer experience
Team:Fleet
Team label for Observability Data Collection Fleet team
Comments
jeffatfw
added
the
bug
jughosta
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
|
@nchaulet - Is it possible this is a regression caused by RBAC changes? |
|
I do not think it's a regression, Fleet is and was not accessible with |
|
Going to close this as expected behavior then. Per https://www.elastic.co/guide/en/fleet/current/manage-agents-in-fleet.html:
https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html mentions |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Kibana version: 8.15.0
Elasticsearch version: 8.15.0
Server OS version: Based on this docker image: docker.elastic.co/kibana/kibana:8.15.0
Browser version: Chrome Version 128.0.6613.84 (Official Build) (arm64)
Browser OS version:
Original install method (e.g. download page, yum, from source, etc.): Docker image
Describe the bug:
Setup a readonly role for Fleet and it results in a Permission Denied error screen.
Steps to reproduce:
You are not authorized to access Fleet. Kibana privileges are required to access Fleet; the "Read" or "All" privilege is required to access Integrations.
Expected behavior:
See a readonly view of Fleet
Screenshots (if relevant):
Errors in browser console (if relevant):
Provide logs and/or server output (if relevant):
kibana-1 | [2024-08-29T14:50:35.515+00:00][INFO ][plugins.fleet.fleet_authz_router] User does not have required fleet authz to access path: /api/fleet/agents/setup
Any additional context:
I am seeing this in my local dev environment and in a locally hosted production installation.
The documentation on this page is out of date: https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html
The text was updated successfully, but these errors were encountered: