Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Discover] Forbidden error when read only user uses API created index pattern #62373

Closed
phy1729 opened this issue Apr 2, 2020 · 2 comments
Closed

[Discover] Forbidden error when read only user uses API created index pattern #62373

phy1729 opened this issue Apr 2, 2020 · 2 comments
Labels
Feature:Data Views Data Views code and UI - index patterns before 8.0 impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort triage_needed

Comments

@phy1729
Copy link

phy1729 commented Apr 2, 2020

Kibana version:
7.6.2
Elasticsearch version:
7.6.2

Describe the bug:
When a read only user uses an index pattern that does not yet have fields populated, a Forbidden error notification is displayed.

Steps to reproduce:

  1. Create an index pattern via Kibana's API for some indices that have documents.
POST /api/saved_objects/index-pattern/test
{
    "attributes": {
        "title": "test-*",
        "timeFieldName": "@timestamp"
    }
}
  1. As a user with read only permissions to Kibana Discover and the relevant indices, open Discover and select the created index pattern.
  2. Observe an error notification.
Error fetching fields for index pattern test-* (ID: test)

Forbidden

Expected behavior:
No error notification.

Any additional context:
I believe the error stems from

kibana/src/plugins/data/public/index_patterns/index_patterns/index_pattern.ts

Lines 481 to 483 in 911981d

return this._fetchFields()
.then(() => this.save())
.catch(err => {

Kibana appears to attempt to update the index pattern saved object's fields attribute if it is out of date (or missing); however, a read only user does not have permission to update the saved object. Since the save method is called under the catch, an error when saving is treated the same as an error in fetching the pattern. I think it would be reasonable in this case to ignore an exception raised when saving.
@kertal kertal added Feature:Data Views Data Views code and UI - index patterns before 8.0 Team:AppArch and removed Feature:Data Views Data Views code and UI - index patterns before 8.0 labels Apr 3, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-app-arch (Team:AppArch)

@kertal kertal added the Feature:Data Views Data Views code and UI - index patterns before 8.0 label Apr 3, 2020
@exalate-issue-sync exalate-issue-sync bot added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort labels Jun 21, 2021
@mattkime
Copy link
Contributor

mattkime commented Oct 5, 2021

Resolved in 7.11 by #83368

@mattkime mattkime closed this as completed Oct 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature:Data Views Data Views code and UI - index patterns before 8.0 impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort triage_needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mattkime @phy1729 @kertal @elasticmachine