From c4b91f5442d043238490d5b79fc3f1c05ab9b583 Mon Sep 17 00:00:00 2001 From: machadoum Date: Thu, 27 Feb 2025 12:57:50 +0100 Subject: [PATCH] Fix Risk score Insufficient privileges warning missing cluster privileges --- .../entity_analytics_risk_score/index.tsx | 2 +- .../risk_details_tab_body/index.tsx | 2 +- .../components/user_risk_score_tab_body.tsx | 2 +- .../use_missing_risk_engine_privileges.ts | 21 +++++++++++++++---- .../navigation/host_risk_score_tab_body.tsx | 2 +- 5 files changed, 21 insertions(+), 8 deletions(-) diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_analytics_risk_score/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_analytics_risk_score/index.tsx index 225aee1bfb34d..15b1e046ff54a 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_analytics_risk_score/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_analytics_risk_score/index.tsx @@ -172,7 +172,7 @@ const EntityAnalyticsRiskScoresComponent = ({ setUpdatedAt(Date.now()); }, [isTableLoading, isKpiLoading]); // Update the time when data loads - const privileges = useMissingRiskEnginePrivileges(['read']); + const privileges = useMissingRiskEnginePrivileges({ readonly: true }); if (!isAuthorized) { return null; diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/risk_details_tab_body/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/risk_details_tab_body/index.tsx index 32fa82df0791d..1d66bea440c69 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/risk_details_tab_body/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/risk_details_tab_body/index.tsx @@ -93,7 +93,7 @@ const RiskDetailsTabBodyComponent: React.FC< [setContributorsToggleStatus] ); - const privileges = useMissingRiskEnginePrivileges(); + const privileges = useMissingRiskEnginePrivileges({ readonly: true }); const RiskScoreUpsell = useUpsellingComponent('entity_analytics_panel'); if (RiskScoreUpsell) { diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/user_risk_score_tab_body.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/user_risk_score_tab_body.tsx index 34744890dcc15..e1a3dd45cf89f 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/user_risk_score_tab_body.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/user_risk_score_tab_body.tsx @@ -64,7 +64,7 @@ export const UserRiskScoreQueryTabBody = ({ const timerange = useMemo(() => ({ from, to }), [from, to]); - const privileges = useMissingRiskEnginePrivileges(); + const privileges = useMissingRiskEnginePrivileges({ readonly: true }); const { data, inspect, isInspected, hasEngineBeenInstalled, loading, refetch, totalCount } = useRiskScore({ diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/hooks/use_missing_risk_engine_privileges.ts b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/hooks/use_missing_risk_engine_privileges.ts index 9fa4c8d4b3881..40761dfa60b80 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/hooks/use_missing_risk_engine_privileges.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/hooks/use_missing_risk_engine_privileges.ts @@ -22,8 +22,14 @@ export type RiskEngineMissingPrivilegesResponse = hasAllRequiredPrivileges: false; }; +interface UseMissingRiskEnginePrivilegesParams { + /** + * If `true`, only read privileges are required. + */ + readonly: boolean; +} export const useMissingRiskEnginePrivileges = ( - required: NonEmptyArray = ['read', 'write'] + { readonly }: UseMissingRiskEnginePrivilegesParams = { readonly: false } ): RiskEngineMissingPrivilegesResponse => { const { data: privilegesResponse, isLoading } = useRiskEnginePrivileges(); @@ -41,14 +47,21 @@ export const useMissingRiskEnginePrivileges = ( }; } + const requiredIndexPrivileges: NonEmptyArray = readonly + ? ['read'] + : ['read', 'write']; + const { indexPrivileges, clusterPrivileges } = getMissingRiskEnginePrivileges( privilegesResponse.privileges, - required + requiredIndexPrivileges ); // privilegesResponse.has_all_required` is slightly misleading, it checks if it has *all* default required privileges. // Here we check if there are no missing privileges of the provided set of required privileges - if (indexPrivileges.every(([_, missingPrivileges]) => missingPrivileges.length === 0)) { + if ( + indexPrivileges.every(([_, missingPrivileges]) => missingPrivileges.length === 0) && + (readonly || clusterPrivileges.length === 0) // cluster privileges check is required for write operations + ) { return { isLoading: false, hasAllRequiredPrivileges: true, @@ -63,5 +76,5 @@ export const useMissingRiskEnginePrivileges = ( clusterPrivileges, }, }; - }, [isLoading, privilegesResponse, required]); + }, [isLoading, privilegesResponse, readonly]); }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/navigation/host_risk_score_tab_body.tsx b/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/navigation/host_risk_score_tab_body.tsx index 557e0ff68d724..d671d30410200 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/navigation/host_risk_score_tab_body.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/navigation/host_risk_score_tab_body.tsx @@ -63,7 +63,7 @@ export const HostRiskScoreQueryTabBody = ({ }, [toggleStatus]); const timerange = useMemo(() => ({ from, to }), [from, to]); - const privileges = useMissingRiskEnginePrivileges(); + const privileges = useMissingRiskEnginePrivileges({ readonly: true }); const { data, inspect, isInspected, hasEngineBeenInstalled, loading, refetch, totalCount } = useRiskScore({ filterQuery,