[Discover] Forbidden error when read only user uses API created index pattern #62373
Description
Kibana version:
7.6.2
Elasticsearch version:
7.6.2
Describe the bug:
When a read only user uses an index pattern that does not yet have fields populated, a Forbidden error notification is displayed.
Steps to reproduce:
- Create an index pattern via Kibana's API for some indices that have documents.
POST /api/saved_objects/index-pattern/test
{
"attributes": {
"title": "test-*",
"timeFieldName": "@timestamp"
}
}
- As a user with read only permissions to Kibana Discover and the relevant indices, open Discover and select the created index pattern.
- Observe an error notification.
Error fetching fields for index pattern test-* (ID: test)
Forbidden
Expected behavior:
No error notification.
Any additional context:
I believe the error stems from
kibana/src/plugins/data/public/index_patterns/index_patterns/index_pattern.ts
Lines 481 to 483 in 911981d
Kibana appears to attempt to update the index pattern saved object's fields attribute if it is out of date (or missing); however, a read only user does not have permission to update the saved object. Since the save method is called under the catch, an error when saving is treated the same as an error in fetching the pattern. I think it would be reasonable in this case to ignore an exception raised when saving.