Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] Add technical preview banner for new granular Fleet permissions #179546

Closed
kpollich opened this issue Mar 27, 2024 · 3 comments · Fixed by #179889
Closed

[Fleet] Add technical preview banner for new granular Fleet permissions #179546

kpollich opened this issue Mar 27, 2024 · 3 comments · Fixed by #179889
Labels
Team:Fleet Team label for Observability Data Collection Fleet team

Comments

@kpollich
Copy link
Member

In #178006, we added new granular Fleet permissions for separate read/write access to Fleet resources. This functionality sits behind a feature flag today, and we should add a technical preview banner to Fleet's global layout when a role with these new privileges are in use.

Logically speaking, the check for whether one of these new privileges is in use is essentially "if the current user has access to fleet but does not have the fleet:all privilege, they are using a new granular privilege".

We should also explore whether it's possible to add a technical preview badge/tooltip/etc to the actual role creator UI.
@kpollich kpollich added the Team:Fleet Team label for Observability Data Collection Fleet team label Mar 27, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@nchaulet nchaulet mentioned this issue Apr 3, 2024
Merged
@nchaulet
Copy link
Member

nchaulet commented Apr 3, 2024

if we want to a banner the condition will something like

const authz = useAuthz();
    const isAuthzInTechnicalPreview =
      !authz.fleet.readAgentPolicies || !authz.fleet.readAgents || !authz.fleet.readSettings;

kpollich added a commit that referenced this issue Apr 12, 2024
@nchaulet @kpollich
@kibanamachine @juliaElastic
[Fleet] Enable subfeature privileges (#179889)
c837518 
## Summary

Resolve [#179546](#179546)

Enable subfeature privileges.

Added a message in the tooltip that feature is in technical preview.

<img width="788" alt="Screenshot 2024-04-03 at 2 28 54 PM"
src="https://github.com/elastic/kibana/assets/1336873/cbc3f963-2b8c-40a7-8450-e5949ce4e19d">


## Release note

Add subfeatures privileges for Fleet, for Agents, Agent policies and
Settings, that feature is in technical preview and may be changed or
removed completely in a future release.

---------

Co-authored-by: Kyle Pollich <[email protected]>
Co-authored-by: Kibana Machine <[email protected]>
Co-authored-by: Julia Bardi <[email protected]>
@jen-huang
Copy link
Contributor

Reopening since the work was reverted in #180700

@kpollich Maybe close this again as Won't fix since we won't go the way of having a technical release for this?

@jen-huang jen-huang reopened this Apr 13, 2024
@kpollich kpollich closed this as not planned Won't fix, can't repro, duplicate, stale Apr 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Team:Fleet Team label for Observability Data Collection Fleet team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Fleet] Enable subfeature privileges nchaulet/kibana
4 participants
@nchaulet @jen-huang @kpollich @elasticmachine