
[Infra] Hosts View fails when user doesn't have permission to read Saved Objects #200151

Open
crespocarlos opened this issue Nov 14, 2024 · 2 comments · Fixed by #199841
Labels
bug Fixes for quality problems that affect the customer experience Feature:ObsHosts Hosts feature within Observability Team:obs-ux-infra_services Observability Infrastructure & Services User Experience Team

Comments

@crespocarlos

crespocarlos commented Nov 14, 2024

Summary

When users don't have permission to read Saved Objects, the hosts view throws the error below

This happens because the code needs to get the apm-indices configuration to be able to query APM data.

Role config:

AC

  • Hosts view renders correctly regardless
@crespocarlos crespocarlos added bug Fixes for quality problems that affect the customer experience Feature:ObsHosts Hosts feature within Observability Team:obs-ux-infra_services Observability Infrastructure & Services User Experience Team labels Nov 14, 2024
@elasticmachine

Pinging @elastic/obs-ux-infra_services-team (Team:obs-ux-infra_services)

@crespocarlos crespocarlos changed the title [Infra] Hosts View throws an error when user doesn't have permission to read Saved Obejcts [Infra] Hosts View fails when user doesn't have permission to read Saved Objects Nov 14, 2024
@crespocarlos crespocarlos self-assigned this Nov 14, 2024
crespocarlos added a commit that referenced this issue Nov 21, 2024
closes [#200151](#200151)

## Summary

This PR changes the `getApmIndices` function from `apm_data_access` to
fetch the information using Kibana's internal user. This was done for 2
reasons:

1 - Plugins using `savedObjects.client` might face a situation where the
logged-in user doesn't have permission to read saved objects, causing
the retrieval of APM indices to fail, which could lead to unexpected
exceptions.
2 - Elasticsearch is able to determine whether the user has permission
to view docs in the index patterns; therefore, it's OK to retrieve the
index pattern with Kibana's internal user because ultimately
Elasticsearch will only return the data the user has access to.

### Infra app permission

**Role config:**

<img width="500" alt="image"
src="https://github.com/user-attachments/assets/ae98a98f-570a-4139-b804-91a8de0c9d1d">

<img width="500" alt="image"
src="https://github.com/user-attachments/assets/afe29e7f-ab02-40f4-a86c-aeb016655708">


**Without access to APM indices**
<img width="500" alt="image"
src="https://github.com/user-attachments/assets/8aa7d4e5-3484-4723-838c-54920e442c08">

<img width="500" alt="image"
src="https://github.com/user-attachments/assets/af3ce400-7a45-4313-84c7-5b8170c39bf5">

**With access to APM indices**

<img width="500" alt="image"
src="https://github.com/user-attachments/assets/1effc137-72a2-4e5b-b2ac-62e685370a21">

<img width="500" alt="image"
src="https://github.com/user-attachments/assets/e161f6d9-85a7-4f80-a7d3-7ec0bdc338a3">


### Admin

<img width="500" alt="image"
src="https://github.com/user-attachments/assets/d280f0d6-de6c-408f-a080-fa150d237afc">


### How to test

- Follow the steps above
- Other areas affected: assistant and profiling

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
paulinashakirova pushed a commit to paulinashakirova/kibana that referenced this issue Nov 26, 2024
@cauemarcondes

Reopening this because it was noticed that the changes made on the PR would break the APM index settings space awareness.

@cauemarcondes cauemarcondes reopened this Dec 2, 2024
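
The trade-off discussed in the commit message and in the reopening comment, as an added example that is not Kibana code and not part of the original thread: a constructed in-memory model in which every function name, space name and index pattern is hypothetical. It assumes that a read made with the internal user carries no space unless the caller passes one, which is one way the space awareness mentioned above can be lost.

```typescript
// Constructed model, not Kibana code: every name and value below is hypothetical.
type Indices = { metric: string };
type User = { canReadSavedObjects: boolean; space: string; readableIndices: string[] };

// APM index settings stored as a saved object, one copy per space (constructed values).
const savedApmIndices: Record<string, Indices> = {
  default: { metric: "metrics-apm*" },
  "team-a": { metric: "team-a-metrics-apm*" },
};
// Constructed documents, keyed by the index pattern that matches them.
const docsByPattern: Record<string, string[]> = {
  "metrics-apm*": ["default-doc"],
  "team-a-metrics-apm*": ["team-a-doc"],
};

// User-scoped read: the saved objects layer enforces the caller's Kibana privileges.
function getApmIndicesAsUser(user: User): Indices {
  if (!user.canReadSavedObjects) throw new Error("403 Forbidden: saved objects");
  return savedApmIndices[user.space];
}

// Internal-user read: no privilege check, and no implicit space either.
// Assumption: the caller must pass the request's space or it gets the default one.
function getApmIndicesInternal(space?: string): Indices {
  return savedApmIndices[space ?? "default"];
}

// The data query still runs as the end user, so index privileges decide what comes back.
function searchAsUser(user: User, pattern: string): string[] {
  return user.readableIndices.indexOf(pattern) !== -1 ? docsByPattern[pattern] ?? [] : [];
}

function hostsViewBefore(user: User): string[] {
  return searchAsUser(user, getApmIndicesAsUser(user).metric);
}
function hostsViewAfter(user: User, spaceAware: boolean): string[] {
  const indices = getApmIndicesInternal(spaceAware ? user.space : undefined);
  return searchAsUser(user, indices.metric);
}

// Constructed users: neither may read saved objects; only `viewer` may read APM data.
const viewer: User = { canReadSavedObjects: false, space: "team-a", readableIndices: ["team-a-metrics-apm*"] };
const noApm: User = { canReadSavedObjects: false, space: "team-a", readableIndices: [] };
```

In this model the internal read removes the 403 without widening data access, because the search is still authorized per user; dropping the space argument silently resolves the default space's settings instead of the user's.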