mirror of
https://github.com/elastic/kibana.git
synced 2025-06-28 19:13:14 -04:00
847be917a6
## Summary - addresses https://github.com/elastic/kibana/issues/202051 Few observations, based on ticket [description](https://github.com/elastic/kibana/issues/202051): 1. User can update assignees in alert(i.e. update any alert details, which is handled by **SecuritySolution** priv) 2. User can see suggested users in searchbox 3. User **can not** see assignees details(name, avatar) in alerts table column and alerts flyout(that's where error toast originates from) Why this happens? 2 different APIs used to show users in searchbox and user details in alerts table column: 1. API to show users in searchbox: [/internal/detection_engine/users/_find](https://github.com/elastic/kibana/blob/8.18/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/users/suggest_user_profiles_route.ts#L24) It requires `securitySolution` privilege 2. API for alerts table cell: [/internal/security/user_profile/_bulk_get](https://github.com/elastic/kibana/blob/8.18/x-pack/platform/plugins/shared/security/server/routes/user_profile/bulk_get.ts#L20) It requires `bulkGetUserProfiles` privilege User was configured with read only Security Feature, that covers only first API, that's why we see error > API [POST /internal/security/user_profile/_bulk_get] is unauthorized for user, this action is granted by the Kibana privileges [bulkGetUserProfiles] (403) However `bulkGetUserProfiles` is covered by `Cases` feature already. If Cases access will be set to read, user would be able to see assignees details through `/internal/security/user_profile/_bulk_get` API. It happens, because cases API tags include `bulkGetUserProfiles` privilege: https://github.com/elastic/kibana/blob/8.18/x-pack/platform/plugins/shared/cases/common/utils/api_tags.ts#L32, https://github.com/elastic/kibana/blob/8.18/x-pack/solutions/security/packages/features/src/cases/types.ts#L7 This PR includes `bulkGetUserProfiles` privilege in Security Feature: https://github.com/elastic/kibana/pull/211824. Since, it's already present in Cases feature, and user profiles available through Security Solution `/internal/detection_engine/users/_find` API |
||
|---|---|---|
| .. | ||
| aiops | ||
| cases | ||
| cloud | ||
| cloud_security_posture | ||
| console | ||
| content_management | ||
| entity_manager | ||
| es | ||
| features | ||
| file_upload | ||
| grok_debugger | ||
| kibana | ||
| lists | ||
| logs_shared | ||
| logs_ui | ||
| logstash | ||
| management | ||
| maps | ||
| metrics_ui | ||
| ml | ||
| monitoring | ||
| monitoring_collection | ||
| osquery | ||
| search | ||
| searchprofiler | ||
| security | ||
| slos | ||
| spaces | ||
| stats | ||
| status | ||
| synthetics | ||
| telemetry | ||
| transform | ||
| upgrade_assistant | ||
| uptime | ||
| watcher | ||