Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[APM] Error when viewing the Infrastructure tab without access to Infrastructure app #191198

Open
crespocarlos opened this issue Aug 23, 2024 · 3 comments
Open

[APM] Error when viewing the Infrastructure tab without access to Infrastructure app #191198

crespocarlos opened this issue Aug 23, 2024 · 3 comments
Labels
bug Fixes for quality problems that affect the customer experience RBAC Role Based Access Control stale Used to mark issues that were closed for being stale Team:obs-ux-infra_services Observability Infrastructure & Services User Experience Team

Comments

@crespocarlos
Copy link
Contributor

crespocarlos commented Aug 23, 2024
edited
Loading

Summary

If a user does not have Infrastructure privilege or elasticsearch privilege for related indices they cannot access Infrastructure data, resulting in an error.

Image

Steps to reproduce

  • Create a user with elasticsearch index privileges:
    • indices: metrics-apm*,apm*,traces-apm*,logs-apm*
    • privileges: 'read', 'view_index_metadata'
    • and kibana privileges: APM and User Experience
  • Navigate to APM Service Overview
  • Click on the Infrastructure tab (I don't think we have a synthtrace scenario to make this tab work. I forced the code to run a path that would try to fetch infra data)

Possible solution

We could show the Infrastructure tab only if application.uiCapabilities.infrastructure.show is true or display a message saying that the user doesn't have permission if the same condition is not met, eg:

image

Because roles could also be configured such that users could have permission to Infrastructure but not to read Infrastructure indices, we also need to check on the server side, before running the query, whether the current user has permission to read from Infrastructure indices (see an example here)
@crespocarlos crespocarlos added bug Fixes for quality problems that affect the customer experience Team:obs-ux-infra_services Observability Infrastructure & Services User Experience Team labels Aug 23, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/obs-ux-infra_services-team (Team:obs-ux-infra_services)

@crespocarlos crespocarlos added the RBAC Role Based Access Control label Aug 23, 2024
@crespocarlos
Copy link
Contributor Author

cc @roshan-elastic

@crespocarlos crespocarlos mentioned this issue Aug 23, 2024
Open
@botelastic
Copy link

botelastic bot commented Feb 19, 2025

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@botelastic botelastic bot added the stale Used to mark issues that were closed for being stale label Feb 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Fixes for quality problems that affect the customer experience RBAC Role Based Access Control stale Used to mark issues that were closed for being stale Team:obs-ux-infra_services Observability Infrastructure & Services User Experience Team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@crespocarlos @elasticmachine