Space privilege "Index pattern management" read still shows delete button

[robin13]

Kibana version: 7.5.0

Elasticsearch version: 7.5.0

Server OS version: Ubuntu 18.04

Browser version: Google Chrome Version 79.0.3945.79 (Official Build) (64-bit)

Browser OS version: Ubuntu 18.04

Original install method (e.g. download page, yum, from source, etc.): Docker

Describe the bug:

Steps to reproduce:
1.

Set up a user with the kibana spaces privilege "Index Pattern Management" set to "Read":

2. Now log in with this user - when you open Index Patterns, you will (correctly) not see the edit button:

3. But if you click on a given index pattern, you will see the "Delete" and "Refresh" buttons:

4. When you click on these, you get a "Forbidden" error:

So this seems to not be a security error (the user is correctly not able to make any changes).

Expected behavior:

The UI should also hide the "delete" and "refresh" buttons for users which do not have the "edit

[elasticmachine]

Pinging @elastic/kibana-app-arch (Team:AppArch)

[lukeelmers]

When addressing this, we should probably also be removing the "edit" icons next to each field, as well as the buttons for adding scripted fields and source filters.

[markov00]

This still a thing in 7.8.0 (on demo.elastic.co)

I'd also like to add a few related behaviors:

• scripted field shows also the delete button, you can press it, the scripted field is then removed from the UI (the network call fails)
• after deleting the field and clicking the refresh field list button an error is thrown:

Error
    at Fetch._callee3$ (https://demo.elastic.co/31997/bundles/commons.bundle.js:3:1290173)
    at l (https://demo.elastic.co/31997/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:288:969217)
    at Generator._invoke (https://demo.elastic.co/31997/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:288:968970)
    at Generator.forEach.e.<computed> [as next] (https://demo.elastic.co/31997/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:288:969574)
    at asyncGeneratorStep (https://demo.elastic.co/31997/bundles/commons.bundle.js:3:1283693)
    at _next (https://demo.elastic.co/31997/bundles/commons.bundle.js:3:1284004)

looks similar to the one on this issue description

• if instead you edit the scripted field and click the save button, the network call fails silently and the Save field button progress indicator starts spinning endlessly

[shivindera]

Fixed and will be part of next release.