-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Roles with legacy "Fleet and Integrations" privilege are malformed #130554
Comments
Pinging @elastic/fleet (Team:Fleet) |
I think the reason |
This is exactly what I needed for my users to be able to see that they have correctly installed their Agents and that the agent is online. |
@joshdover |
@joshdover hopefully I've described my use case the right way |
Kibana version:
8.1.0+
Describe the bug:
In older versions of Kibana, "Fleet and Integrations" was a single feature (id:
fleet
):Starting in the 8.1.0 release, this feature was renamed to "Integrations" and a separate feature was added for "Fleet" (id:
fleetv2
):In this release, both features add a new restriction that requires "All spaces" to be selected, as indicated by the tooltip icons in the second screenshot above.
However, that new restriction was introduced for the existing "Integrations" feature and that is a breaking change.
If an operator created a role prior to 8.1 that breaks this restriction, Kibana doesn't know how to transform the role and subsequently throws an error when viewing the page for that role:
If any users created a role prior to 8.1 that (a) granted access to an explicit list of spaces (not "All spaces") and (b) granted access to the "Fleet and Integrations" (either All or Read), then after upgrading to 8.1 the role page would show an error:
Steps to reproduce:
All
orRead
)Expected behavior:
This restriction should not be applied to the Integrations feature.
Any additional context:
It appears this restriction was accidentally added in #122347 😓
The text was updated successfully, but these errors were encountered: