[8.17] [SecuritySolution] Fix Risk score Insufficient privileges warning missing cluster privileges (#212405) #213387
+121
−76
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
machadoum
force-pushed
the
backport/8.17/pr-212405
branch
from
39cf947 to
275e283
Compare
…sing cluster privileges (elastic#212405) * Fixes Bug: User with no cluster privileges should not be able to enable the risk score When users with no cluster privileges open the risk score page, they don't see any errors and are able to click the install button. This happened because we were only checking for index privileges in the UI, but for the enablement flow we also need to check cluster privileges. I also introduced a new parameter to the missing privileges hook so pages that only need to check for `read` privileges can work as before. https://github.com/user-attachments/assets/fe162005-ee2b-497d-8744-6262e4511d2d * Fixed Bug: The install button was enabled when all toggles were disabled There were too many booleans in the panel, which was confusing and led me to introduce more bugs while trying to fix this one, so I refactored the code to understand it before fixing it. I also simplified the logic to display the modal. Now, it only shows when one of the engines' status is "not_installed" <img width="300" src="https://github.com/user-attachments/assets/a2e8fbba-ac64-4c97-9ef0-ef6fe61e60cd" /> 1. Create a user with security privileges and index privileges but no cluster privileges 2. Go to the risk score page and enable the toggle Check the PR satisfies following conditions. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or (cherry picked from commit b69b696)
machadoum
force-pushed
the
backport/8.17/pr-212405
branch
from
275e283 to
9dc748d
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This will backport the following commits from
mainto8.17:Questions ?
Please refer to the Backport tool documentation