[Security Solution] [Detections] Bug fix for read privilege check during rule exec (#86852)

2025-04-24 09:48:58 -04:00 · 2020-12-22 21:14:22 -05:00 · 2020-12-22 21:14:22 -05:00 · 35b10b5354
commit 35b10b5354
parent e3896050fc
2 changed files with 5 additions and 5 deletions
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts
@ -197,13 +197,16 @@ describe('rules_notification_alert_type', () => {
          'myfa*': {
            read: true,
          },
+          'anotherindex*': {
+            read: true,
+          },
          'some*': {
            read: false,
          },
        },
        application: {},
      });
-      payload.params.index = ['some*', 'myfa*'];
+      payload.params.index = ['some*', 'myfa*', 'anotherindex*'];
      await alert.executor(payload);
      expect(ruleStatusService.partialFailure).toHaveBeenCalled();
      expect(ruleStatusService.partialFailure.mock.calls[0][0]).toContain(
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
@ -189,10 +189,7 @@ export const signalRulesAlertType = ({
          (indexName) => privileges.index[indexName].read
        );

-        if (
-          indexesWithReadPrivileges.length > 0 &&
-          indexesWithNoReadPrivileges.length >= indexesWithReadPrivileges.length
-        ) {
+        if (indexesWithReadPrivileges.length > 0 && indexesWithNoReadPrivileges.length > 0) {
          // some indices have read privileges others do not.
          // set a partial failure status
          const errorString = `Missing required read permissions on indexes: ${JSON.stringify(