Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dashboard doesn't work with users with only limited privileges( read privileges to dashboard which has lens visualization) #76709

Closed
rashmivkulkarni opened this issue Sep 3, 2020 · 5 comments · Fixed by #77067
Closed

dashboard doesn't work with users with only limited privileges( read privileges to dashboard which has lens visualization) #76709

rashmivkulkarni opened this issue Sep 3, 2020 · 5 comments · Fixed by #77067
Labels
bug Fixes for quality problems that affect the customer experience Feature:Lens Feature:Security/Feature Controls Platform Security - Spaces & Role Mgmt feature controls Team:Visualizations Visualization editors, elastic-charts and infrastructure

Comments

@rashmivkulkarni
Copy link
Contributor

Kibana 8.0

Create an user with limited privileges to a Lens Dashboard, ( just give read only permission) , you hit a 403 unauthorized error.
Screen Shot 2020-09-03 at 1 06 05 PM

Screen Shot 2020-09-03 at 1 06 34 PM

Screen Shot 2020-09-03 at 1 04 52 PM

cc @LeeDr
@rashmivkulkarni rashmivkulkarni added bug Fixes for quality problems that affect the customer experience Team:Visualizations Visualization editors, elastic-charts and infrastructure Feature:Lens labels Sep 3, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-app (Team:KibanaApp)

@rashmivkulkarni
Copy link
Contributor Author

Tried with evern giving read pemissions on embedded visualizations in the dashboard, but still fails with

 proc [kibana] server    log   [13:55:36.464] [error][browser-driver][execute][headless-browser-console][kenagpxr108f9d0062ccg0jg][plugins][printable_pdf][reporting] Failed to load resource: the server responded with a status of 403 (Forbidden)
   │ proc [kibana] server    log   [13:55:36.491] [info][execute][kenagpxr108f9d0062ccg0jg][plugins][printable_pdf][reporting] handled 113 page requests
   │ proc [kibana] server    log   [13:55:36.494] [error][execute][kenagpxr108f9d0062ccg0jg][plugins][printable_pdf][reporting] Reporting encountered an error on the page: Error: Error: Forbidden
   │ proc [kibana]     at Fetch.fetchResponse (http://localhost:5620/9007199254740991/bundles/core/core.entry.js:58421:13)
   │ proc [kibana]     at async interceptResponse (http://localhost:5620/9007199254740991/bundles/core/core.entry.js:58833:10)
   │ proc [kibana]     at async http://localhost:5620/9007199254740991/bundles/core/core.entry.js:58319:39
   │ proc [kibana] server    log   [13:55:36.495] [error][error][esqueue][plugins][queue-worker][reporting] ken6wp8k108f9d0062flti4y - Failure occurred on job kenagpxr108f9d0062ccg0jg: Reporting encountered an error on the page: Error: Error: Forbidden

@rashmivkulkarni rashmivkulkarni mentioned this issue Sep 3, 2020
Merged
@LeeDr LeeDr added the Feature:Security/Feature Controls Platform Security - Spaces & Role Mgmt feature controls label Sep 3, 2020
@rashmivkulkarni
Copy link
Contributor Author

related PR : #76713

@rashmivkulkarni
Copy link
Contributor Author

Screen Shot 2020-09-08 at 11 43 59 AM

Here I had given dashboard_all privilege to the user who had logged in test_user The role definition was as follows:


        global_dashboard_all: {
          kibana: [
            {
              feature: {
                dashboard: ['all'],
              },
              spaces: ['*'],
            },
          ],
        },

But still the screen shows that the user needs additional privileges to edit the dashboard. I think this is a bug.
cc @LeeDr

@kertal
Copy link
Member

kertal commented Sep 9, 2020

Screen Shot 2020-09-08 at 11 43 59 AM

Here I had given dashboard_all privilege to the user who had logged in test_user The role definition was as follows:


        global_dashboard_all: {
          kibana: [
            {
              feature: {
                dashboard: ['all'],
              },
              spaces: ['*'],
            },
          ],
        },

But still the screen shows that the user needs additional privileges to edit the dashboard. I think this is a bug.
cc @LeeDr

I've created such a user in my local Kibana instance and it worked locally. I guess this was done in a test setup? And I think it makes sense to create a separate issue, since it's a different issue then the one mentioned at the start of this issue

@legrego legrego mentioned this issue Sep 9, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Fixes for quality problems that affect the customer experience Feature:Lens Feature:Security/Feature Controls Platform Security - Spaces & Role Mgmt feature controls Team:Visualizations Visualization editors, elastic-charts and infrastructure
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Adds lens as a readable saved object for read-only dashboard users legrego/kibana
4 participants
@kertal @rashmivkulkarni @LeeDr @elasticmachine