-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add readonly view to role management #143893
Add readonly view to role management #143893
Conversation
Pinging @elastic/kibana-security (Team:Security) |
@thomheymann The only way I have found to give users access to view the Kibana privileges section of the role screen is to grant a blanket of 'All' Kibana privileges to the user. If I manually enable all Kibana privileges, one-by-one, the user still cannot access a read-only view of Kibana privileges in the role screen. @legrego Thom tracked the logic to the |
Ok. Looks like this is exactly expected. There's an open issue to make this an explicit privilege in the future. Thanks @legrego! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great! Clean implementation and seems to leverage existing patterns/utilities/naming conventions.
x-pack/plugins/security/public/management/roles/edit_role/privileges/es/cluster_privileges.tsx
Show resolved
Hide resolved
.../edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx
Show resolved
Hide resolved
💚 Build Succeeded
Metrics [docs]Async chunks
Page load bundle
Unknown metric groupsESLint disabled in files
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
* main: (41 commits) [api-docs] Daily api_docs build (elastic#144212) Add readonly view to role management (elastic#143893) [api-docs] Daily api_docs build (elastic#144208) [APM] Adds button group to navigate to "All services" (elastic#142911) Update react-query to ^4.12.0 (main) (elastic#139986) [APM] Support specific fields when creating service groups (elastic#142201) (elastic#143881) [api-docs] Daily api_docs build (elastic#144203) [ts] add stub index.d.ts in @kbn/ui-shared-deps-npm [Synthetics] Fix failing Synthetics Integration test (elastic#144175) chore(NA): remove @types/pkg link creation when generating a new package (elastic#144200) [Osquery] Update schema to v5.5.1 (elastic#144090) [ci] remove github-checks-reporter (elastic#144193) [8.6][ML Inference] Verify pipeline usage before deletion (elastic#144053) [ts] ts refs cache was removed, remove capture task Added Rollups CCS Test (elastic#144074) [auto] migrate existing plugin/package configs [ts] stop building @types packages in bootstrap skip failing test suite (elastic#142762) skip failing test suite (elastic#144186) [Fleet] Show Add Fleet Server instead of add agent when adding agent from agent policy (elastic#144105) ...
Resolves #141801
Summary
Hides CTAs and disables input fields on role management screens in readonly mode.
Screenshot
Testing
viewer
role,kibana_admin
role andread_security
privileges