Merge branch 'master' into use-url-as-instance-id

.github/ISSUE_TEMPLATE/Bug_report_security_solution.md

@@ -1,38 +1,38 @@
----
-name: Bug report for Security Solution
-about: Help us identify bugs in Elastic Security, SIEM, and Endpoint so we can fix them!
-title: '[Security Solution]'
-labels: 'Team: SecuritySolution'
----
-
-**Describe the bug:**
-
-**Kibana/Elasticsearch Stack version:**
-
-**Server OS version:**
-
-**Browser and Browser OS versions:**
-
-**Elastic Endpoint version:**
-
-**Original install method (e.g. download page, yum, from source, etc.):**
-
-**Functional Area (e.g. Endpoint management, timelines, resolver, etc.):**
-
-**Steps to reproduce:**
-
-1.
-2.
-3.
-
-**Current behavior:**
-
-**Expected behavior:**
-
-**Screenshots (if relevant):**
-
-**Errors in browser console (if relevant):**
-
-**Provide logs and/or server output (if relevant):**
-
-**Any additional context (logs, chat logs, magical formulas, etc.):**
+---
+name: Bug report for Security Solution
+about: Help us identify bugs in Elastic Security, SIEM, and Endpoint so we can fix them!
+title: '[Security Solution]'
+labels: 'bug, Team: SecuritySolution'
+---
+
+**Describe the bug:**
+
+**Kibana/Elasticsearch Stack version:**
+
+**Server OS version:**
+
+**Browser and Browser OS versions:**
+
+**Elastic Endpoint version:**
+
+**Original install method (e.g. download page, yum, from source, etc.):**
+
+**Functional Area (e.g. Endpoint management, timelines, resolver, etc.):**
+
+**Steps to reproduce:**
+
+1.
+2.
+3.
+
+**Current behavior:**
+
+**Expected behavior:**
+
+**Screenshots (if relevant):**
+
+**Errors in browser console (if relevant):**
+
+**Provide logs and/or server output (if relevant):**
+
+**Any additional context (logs, chat logs, magical formulas, etc.):**

docs/management/advanced-options.asciidoc

@@ -11,6 +11,13 @@ values.
 . Enter a new value for the setting.
 . Click *Save changes*.
 
+[float]
+=== Required permissions
+
+The `Advanced Settings` {kib} privilege is required to access *Advanced Settings*.
+
+To add the privilege, open the menu, then click *Stack Management > Roles*.
+
 
 [float]
 [[settings-read-only-access]]

docs/management/alerting/alerts-and-actions-intro.asciidoc

@@ -24,3 +24,8 @@ The *Alerts and Actions* UI only shows alerts and connectors for the current spa
 can be managed through the <<watcher-ui, Watcher UI>>. See
 <<alerting-concepts-differences>> for more information.
 ============================================================================
+
+[float]
+=== Required permissions
+
+Access to alerts and actions is granted based on your privileges to alerting-enabled features. See <<alerting-security, Alerting Security>> for more information.

docs/management/managing-beats.asciidoc

@@ -29,6 +29,13 @@ more information, see https://www.elastic.co/subscriptions and
 enrollment and configuration process step by step the first time you use the
 Central Management UI.
 
+[float]
+=== Required permissions
+
+You must have the `beats_admin` role assigned to use **{beats} Central Management**
+
+To assign the role, open the menu, then click *Stack Management > Users*.
+
 
 [float]
 === Enroll {beats}

docs/management/managing-fields.asciidoc

@@ -7,6 +7,13 @@ the index patterns that retrieve your data from {es}.
 [role="screenshot"]
 image::images/management-index-patterns.png[]
 
+[float]
+=== Required permissions
+
+The `Index Pattern Management` {kib} privilege is required to access the *Index patterns* UI.
+
+To add the privilege, open the menu, then click *Stack Management > Roles*.
+
 [float]
 === Create an index pattern
 

docs/management/managing-saved-objects.asciidoc

@@ -10,6 +10,16 @@ To get started, open the main menu, then click *Stack Management > Saved Objects
 [role="screenshot"]
 image::images/management-saved-objects.png[Saved Objects]
 
+[float]
+=== Required permissions
+
+The `Saved Objects Management` {kib} privilege is required to access the *Saved Objects* UI.
+
+To add the privilege, open the menu, then click *Stack Management > Roles*.
+
+NOTE:
+Granting access to Saved Objects Management will authorize users to manage all saved objects in {kib}, including objects that are managed by applications they may not otherwise be authorized to access.
+
 
 [float]
 [[managing-saved-objects-view]]

docs/spaces/index.asciidoc

@@ -25,6 +25,11 @@ Kibana supports spaces in several ways.  You can:
 * <<spaces-default-route, Configure a Space-level landing page>>
 * <<spaces-delete-started, Disable the Spaces feature>>
 
+[float]
+==== Required permissions
+
+The `kibana_admin` role or equivilent is required to manage **Spaces**.
+
 [float]
 [[spaces-managing]]
 === View, create, and delete spaces

docs/user/introduction.asciidoc

@@ -112,7 +112,7 @@ You can even choose which features to enable within each space. Don’t need
 Machine learning in your “Executive” space? Simply turn it off.
 
 [role="screenshot"]
-image::images/intro-spaces.jpg[]
+image::images/intro-spaces.png[Space selector screen]
 
 You can take this all one step further with Kibana’s security features, and
 control which users have access to each space. {kib} allows for fine-grained

docs/user/management.asciidoc

@@ -6,6 +6,10 @@
 *Stack Management* is home to UIs for managing all things Elastic Stack—
 indices, clusters, licenses, UI settings, index patterns, spaces, and more.
 
+
+Access to individual features is governed by {es} and {kib} privileges.
+Consult your administrator if you do not have the appropriate access.
+
 [float]
 [[manage-ingest]]
 == Ingest

docs/user/security/authorization/index.asciidoc

@@ -12,7 +12,12 @@ NOTE: When running multiple tenants of {kib} by changing the `kibana.index` in y
 [[xpack-kibana-role-management]]
 === {kib} role management
 
-To create a role that grants {kib} privileges, open the main menu, click *Stack Management > Roles*, then click *Create role*. 
+To create a role that grants {kib} privileges, open the menu, then click *Stack Management > Roles* and click **Create role**.
+
+[float]
+==== Required permissions
+
+The `manage_security` cluster privilege is required to access role management.
 
 [[adding_kibana_privileges]]
 ==== Adding {kib} privileges

docs/user/security/index.asciidoc

@@ -10,6 +10,12 @@ auditing. For more information, see
 {ref}/secure-cluster.html[Secure a cluster] and
 <<using-kibana-with-security,Configuring Security in {kib}>>.
 
+[float]
+=== Required permissions
+
+The `manage_security` cluster privilege is required to access all Security features.
+
+
 [float]
 === Users
 

docs/user/security/role-mappings/index.asciidoc

@@ -19,6 +19,11 @@ With *Role mappings*, you can:
 [role="screenshot"]
 image:user/security/role-mappings/images/role-mappings-grid.png["Role mappings"]
 
+[float]
+==== Required permissions
+
+The `manage_security` cluster privilege is required to manage Role Mappings.
+
 
 [float]
 === Create a role mapping

src/plugins/discover/public/application/angular/context_app.html

@@ -10,7 +10,6 @@
 >
 </kbn-top-nav>
 
-
 <!-- Error feedback -->
 <context-error-message
   status="contextApp.state.loadingStatus.anchor.status"
@@ -21,43 +20,23 @@
   class="kuiViewContent kuiViewContentItem"
   ng-if="contextApp.state.loadingStatus.anchor.status !== contextApp.constants.LOADING_STATUS.FAILED"
 >
-  <!-- Controls -->
-  <context-action-bar
-        default-step-size="contextApp.state.queryParameters.defaultStepSize"
-        doc-count="contextApp.state.queryParameters.predecessorCount"
-        doc-count-available="contextApp.state.rows.predecessors.length"
-        is-disabled="contextApp.state.loadingStatus.anchor.status !== contextApp.constants.LOADING_STATUS.LOADED"
-        is-loading="![
-        contextApp.constants.LOADING_STATUS.LOADED,
-        contextApp.constants.LOADING_STATUS.FAILED,
-        ].includes(contextApp.state.loadingStatus.predecessors.status)"
-        on-change-count="contextApp.actions.fetchGivenPredecessorRows"
-        type="'predecessors'"
-  ></context-action-bar>
-
   <!-- Table -->
   <context-app-legacy
     filter="contextApp.actions.addFilter"
     hits="contextApp.state.rows.all"
     index-pattern="contextApp.indexPattern"
     sorting="contextApp.state.queryParameters.sort"
     columns="contextApp.state.queryParameters.columns"
-    infinite-scroll="true"
     minimum-visible-rows="contextApp.state.rows.all.length"
     status="contextApp.state.loadingStatus.anchor.status"
-  ></context-app-legacy>
-
-  <!-- Controls -->
-  <context-action-bar
     default-step-size="contextApp.state.queryParameters.defaultStepSize"
-    doc-count="contextApp.state.queryParameters.successorCount"
-    doc-count-available="contextApp.state.rows.successors.length"
-    is-disabled="contextApp.state.loadingStatus.anchor.status !== contextApp.constants.LOADING_STATUS.LOADED"
-    is-loading="![
-    contextApp.constants.LOADING_STATUS.LOADED,
-    contextApp.constants.LOADING_STATUS.FAILED,
-    ].includes(contextApp.state.loadingStatus.successors.status)"
-    on-change-count="contextApp.actions.fetchGivenSuccessorRows"
-    type="'successors'"
-  ></context-action-bar>
+    predecessor-count="contextApp.state.queryParameters.predecessorCount"
+    predecessor-available="contextApp.state.rows.predecessors.length"
+    predecessor-status="contextApp.state.loadingStatus.predecessors.status"
+    on-change-predecessor-count="contextApp.actions.fetchGivenPredecessorRows"
+    successor-count="contextApp.state.queryParameters.successorCount"
+    successor-available="contextApp.state.rows.successors.length"
+    successor-status="contextApp.state.loadingStatus.successors.status"
+    on-change-successor-count="contextApp.actions.fetchGivenSuccessorRows"
+  ></context-app-legacy>
 </main>