Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rules with "Stack Rules" role visibility are not visible for the users with kibana_admin role #193549

Closed
Tracked by #187202
ersin-erdal opened this issue Sep 20, 2024 · 2 comments · Fixed by #194615
Closed
Tracked by #187202

Rules with "Stack Rules" role visibility are not visible for the users with kibana_admin role #193549

ersin-erdal opened this issue Sep 20, 2024 · 2 comments · Fixed by #194615
Assignees
@cnasikas
Labels
bug Fixes for quality problems that affect the customer experience Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@ersin-erdal
Copy link
Contributor

This issue has emerged from an SDH.

There are 3 rule types that has Role Visibility option:
Elasticsearch query, Custom Threshold and Anomaly Detection.

For a user with kibana_system, monitoring_user, kibana_admin roles:

  1. "Stack Rules" option is not displayed in the Role Visibility selectbox.
  2. Above rules are not displayed when they have "Stack Rules" role visibility.

Only Elasticsearch rule becomes visible if a role with Stack Rules kibana privilege is assigned to the user.
This doesn't work for the other two rule types.

To reproduce the issue:

  1. Login with superadmin (elastic)
  2. Create a user with kibana_system, monitoring_user, kibana_admin roles.
  3. Create one of the above rules with "Stack Rules" role visibility.
  4. Logout and login with the user you have created.
  5. Go to Stack Management > Rules page.
  6. The rule is not displayed on the page

Expected behaviour: Rule to be displayed on the page.
@botelastic botelastic bot added the needs-team Issues missing a team label label Sep 20, 2024
@cnasikas cnasikas added bug Fixes for quality problems that affect the customer experience Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework and removed needs-team Issues missing a team label labels Sep 20, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@ersin-erdal
Copy link
Contributor Author

There is also the following issue created before: #191075

@cnasikas cnasikas changed the title Rules with "Stack Rules" role visibility are visible for the users with kibana_admin role Rules with "Stack Rules" role visibility are not visible for the users with kibana_admin role Sep 20, 2024
@cnasikas cnasikas self-assigned this Sep 21, 2024
@cnasikas cnasikas mentioned this issue Sep 21, 2024
Open
@cnasikas cnasikas mentioned this issue Oct 1, 2024
Merged
3 tasks
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Oct 6, 2024
@cnasikas
[ResponseOps][Alerting] Register anomaly detection and custom thresho…
565b8ee 
…ld rule types under stack alerts feature privilege (elastic#194615)

## Summary

In the ES query, anomaly detection, and custom threshold rule types
users can use the "Role visibility" dropdown to select where the rules
should be accessible. The "Role visibility" dropdown sets the `consumer`
which is paramount for alerting RBAC. For the anomaly detection and
custom threshold rule types if the `consumer` is set to `stackAlerts`
then the rules will not be accessible from any rule page even if the
user has access to the "Stack alerts" feature privilege. This PR fixes
this bug.

Fixes elastic#193549
Fixes elastic#191075
Fixes elastic#184422
Fixes elastic#179082

## Testing

1. Create an anomaly detection and custom threshold rule and set the
"Role visibility" to "Stack alerts".
2. Create a user with access only to "Stack alerts".
3. Login with the user created in Step 2.
4. Verify that you can see the rules from the stack management page.
5. Verify that you can see the alerts generated from the rules.
6. Create a user with roles `kibana_admin` and verify the same.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

## Release notes

Fix bug where rule types with "Stack alerts" role visibility are not
being shown in the stack management page

(cherry picked from commit 8d83a07)
cnasikas added a commit to cnasikas/kibana that referenced this issue Oct 6, 2024
@cnasikas
[ResponseOps][Alerting] Register anomaly detection and custom thresho…
17fd1ed 
…ld rule types under stack alerts feature privilege (elastic#194615)

## Summary

In the ES query, anomaly detection, and custom threshold rule types
users can use the "Role visibility" dropdown to select where the rules
should be accessible. The "Role visibility" dropdown sets the `consumer`
which is paramount for alerting RBAC. For the anomaly detection and
custom threshold rule types if the `consumer` is set to `stackAlerts`
then the rules will not be accessible from any rule page even if the
user has access to the "Stack alerts" feature privilege. This PR fixes
this bug.

Fixes elastic#193549
Fixes elastic#191075
Fixes elastic#184422
Fixes elastic#179082

## Testing

1. Create an anomaly detection and custom threshold rule and set the
"Role visibility" to "Stack alerts".
2. Create a user with access only to "Stack alerts".
3. Login with the user created in Step 2.
4. Verify that you can see the rules from the stack management page.
5. Verify that you can see the alerts generated from the rules.
6. Create a user with roles `kibana_admin` and verify the same.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

## Release notes

Fix bug where rule types with "Stack alerts" role visibility are not
being shown in the stack management page

(cherry picked from commit 8d83a07)

# Conflicts:
#	x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/find.ts
cnasikas added a commit that referenced this issue Oct 7, 2024
@cnasikas
[8.15] [ResponseOps][Alerting] Register anomaly detection and custom …
6b6babb 
…threshold rule types under stack alerts feature privilege (#194615) (#195173)

# Backport

This will backport the following commits from `main` to `8.15`:
- [[ResponseOps][Alerting] Register anomaly detection and custom
threshold rule types under stack alerts feature privilege
(#194615)](#194615)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Christos
Nasikas","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-06T11:46:44Z","message":"[ResponseOps][Alerting]
Register anomaly detection and custom threshold rule types under stack
alerts feature privilege (#194615)\n\n## Summary\r\n\r\nIn the ES query,
anomaly detection, and custom threshold rule types\r\nusers can use the
\"Role visibility\" dropdown to select where the rules\r\nshould be
accessible. The \"Role visibility\" dropdown sets the
`consumer`\r\nwhich is paramount for alerting RBAC. For the anomaly
detection and\r\ncustom threshold rule types if the `consumer` is set to
`stackAlerts`\r\nthen the rules will not be accessible from any rule
page even if the\r\nuser has access to the \"Stack alerts\" feature
privilege. This PR fixes\r\nthis bug.\r\n\r\nFixes
https://github.com/elastic/kibana/issues/193549\r\nFixes
https://github.com/elastic/kibana/issues/191075\r\nFixes
https://github.com/elastic/kibana/issues/184422\r\nFixes
https://github.com/elastic/kibana/issues/179082\r\n\r\n##
Testing\r\n\r\n1. Create an anomaly detection and custom threshold rule
and set the\r\n\"Role visibility\" to \"Stack alerts\".\r\n2. Create a
user with access only to \"Stack alerts\".\r\n3. Login with the user
created in Step 2.\r\n4. Verify that you can see the rules from the
stack management page.\r\n5. Verify that you can see the alerts
generated from the rules.\r\n6. Create a user with roles `kibana_admin`
and verify the same.\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [x] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n\r\n### For maintainers\r\n\r\n- [x]
This was checked for breaking API changes and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n##
Release notes\r\n\r\nFix bug where rule types with \"Stack alerts\" role
visibility are not\r\nbeing shown in the stack management
page","sha":"8d83a075f6228bb5a6e35a9bb4654fe29cee0cff","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:ResponseOps","v9.0.0","Feature:Alerting/RulesFramework","backport:prev-major","v8.16.0","v8.15.3"],"number":194615,"url":"https://github.com/elastic/kibana/pull/194615","mergeCommit":{"message":"[ResponseOps][Alerting]
Register anomaly detection and custom threshold rule types under stack
alerts feature privilege (#194615)\n\n## Summary\r\n\r\nIn the ES query,
anomaly detection, and custom threshold rule types\r\nusers can use the
\"Role visibility\" dropdown to select where the rules\r\nshould be
accessible. The \"Role visibility\" dropdown sets the
`consumer`\r\nwhich is paramount for alerting RBAC. For the anomaly
detection and\r\ncustom threshold rule types if the `consumer` is set to
`stackAlerts`\r\nthen the rules will not be accessible from any rule
page even if the\r\nuser has access to the \"Stack alerts\" feature
privilege. This PR fixes\r\nthis bug.\r\n\r\nFixes
https://github.com/elastic/kibana/issues/193549\r\nFixes
https://github.com/elastic/kibana/issues/191075\r\nFixes
https://github.com/elastic/kibana/issues/184422\r\nFixes
https://github.com/elastic/kibana/issues/179082\r\n\r\n##
Testing\r\n\r\n1. Create an anomaly detection and custom threshold rule
and set the\r\n\"Role visibility\" to \"Stack alerts\".\r\n2. Create a
user with access only to \"Stack alerts\".\r\n3. Login with the user
created in Step 2.\r\n4. Verify that you can see the rules from the
stack management page.\r\n5. Verify that you can see the alerts
generated from the rules.\r\n6. Create a user with roles `kibana_admin`
and verify the same.\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [x] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n\r\n### For maintainers\r\n\r\n- [x]
This was checked for breaking API changes and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n##
Release notes\r\n\r\nFix bug where rule types with \"Stack alerts\" role
visibility are not\r\nbeing shown in the stack management
page","sha":"8d83a075f6228bb5a6e35a9bb4654fe29cee0cff"}},"sourceBranch":"main","suggestedTargetBranches":["8.15"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/194615","number":194615,"mergeCommit":{"message":"[ResponseOps][Alerting]
Register anomaly detection and custom threshold rule types under stack
alerts feature privilege (#194615)\n\n## Summary\r\n\r\nIn the ES query,
anomaly detection, and custom threshold rule types\r\nusers can use the
\"Role visibility\" dropdown to select where the rules\r\nshould be
accessible. The \"Role visibility\" dropdown sets the
`consumer`\r\nwhich is paramount for alerting RBAC. For the anomaly
detection and\r\ncustom threshold rule types if the `consumer` is set to
`stackAlerts`\r\nthen the rules will not be accessible from any rule
page even if the\r\nuser has access to the \"Stack alerts\" feature
privilege. This PR fixes\r\nthis bug.\r\n\r\nFixes
https://github.com/elastic/kibana/issues/193549\r\nFixes
https://github.com/elastic/kibana/issues/191075\r\nFixes
https://github.com/elastic/kibana/issues/184422\r\nFixes
https://github.com/elastic/kibana/issues/179082\r\n\r\n##
Testing\r\n\r\n1. Create an anomaly detection and custom threshold rule
and set the\r\n\"Role visibility\" to \"Stack alerts\".\r\n2. Create a
user with access only to \"Stack alerts\".\r\n3. Login with the user
created in Step 2.\r\n4. Verify that you can see the rules from the
stack management page.\r\n5. Verify that you can see the alerts
generated from the rules.\r\n6. Create a user with roles `kibana_admin`
and verify the same.\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [x] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n\r\n### For maintainers\r\n\r\n- [x]
This was checked for breaking API changes and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n##
Release notes\r\n\r\nFix bug where rule types with \"Stack alerts\" role
visibility are not\r\nbeing shown in the stack management
page","sha":"8d83a075f6228bb5a6e35a9bb4654fe29cee0cff"}},{"branch":"8.x","label":"v8.16.0","labelRegex":"^v8.16.0$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/195171","number":195171,"state":"MERGED","mergeCommit":{"sha":"a89a5388b4685304d2a1ec3e3d2ed8e75d833841","message":"[8.x]
[ResponseOps][Alerting] Register anomaly detection and custom threshold
rule types under stack alerts feature privilege (#194615) (#195171)\n\n#
Backport\n\nThis will backport the following commits from `main` to
`8.x`:\n- [[ResponseOps][Alerting] Register anomaly detection and
custom\nthreshold rule types under stack alerts feature
privilege\n(#194615)](https://github.com/elastic/kibana/pull/194615)\n\n<!---
Backport version: 9.4.3 -->\n\n### Questions ?\nPlease refer to the
[Backport
tool\ndocumentation](https://github.com/sqren/backport)\n\n<!--BACKPORT
[{\"author\":{\"name\":\"Christos\nNasikas\",\"email\":\"[email protected]\"},\"sourceCommit\":{\"committedDate\":\"2024-10-06T11:46:44Z\",\"message\":\"[ResponseOps][Alerting]\nRegister
anomaly detection and custom threshold rule types under stack\nalerts
feature privilege (#194615)\\n\\n## Summary\\r\\n\\r\\nIn the ES
query,\nanomaly detection, and custom threshold rule types\\r\\nusers
can use the\n\\\"Role visibility\\\" dropdown to select where the
rules\\r\\nshould be\naccessible. The \\\"Role visibility\\\" dropdown
sets the\n`consumer`\\r\\nwhich is paramount for alerting RBAC. For the
anomaly\ndetection and\\r\\ncustom threshold rule types if the
`consumer` is set to\n`stackAlerts`\\r\\nthen the rules will not be
accessible from any rule\npage even if the\\r\\nuser has access to the
\\\"Stack alerts\\\" feature\nprivilege. This PR fixes\\r\\nthis
bug.\\r\\n\\r\\nFixes\nhttps://github.com//issues/193549\\r\\nFixes\nhttps://github.com//issues/191075\\r\\nFixes\nhttps://github.com//issues/184422\\r\\nFixes\nhttps://github.com//issues/179082\\r\\n\\r\\n##\nTesting\\r\\n\\r\\n1.
Create an anomaly detection and custom threshold rule\nand set
the\\r\\n\\\"Role visibility\\\" to \\\"Stack alerts\\\".\\r\\n2. Create
a\nuser with access only to \\\"Stack alerts\\\".\\r\\n3. Login with the
user\ncreated in Step 2.\\r\\n4. Verify that you can see the rules from
the\nstack management page.\\r\\n5. Verify that you can see the
alerts\ngenerated from the rules.\\r\\n6. Create a user with roles
`kibana_admin`\nand verify the same.\\r\\n\\r\\n\\r\\n###
Checklist\\r\\n\\r\\n- [x] [Unit
or\nfunctional\\r\\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\\r\\nwere\nupdated
or added to match the most common scenarios\\r\\n- [x]
[Flaky\nTest\\r\\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)\nwas\\r\\nused
on any tests changed\\r\\n\\r\\n### For maintainers\\r\\n\\r\\n-
[x]\nThis was checked for breaking API changes and
was\n[labeled\\r\\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\\r\\n\\r\\n##\nRelease
notes\\r\\n\\r\\nFix bug where rule types with \\\"Stack alerts\\\"
role\nvisibility are not\\r\\nbeing shown in the stack
management\npage\",\"sha\":\"8d83a075f6228bb5a6e35a9bb4654fe29cee0cff\",\"branchLabelMapping\":{\"^v9.0.0$\":\"main\",\"^v8.16.0$\":\"8.x\",\"^v(\\\\d+).(\\\\d+).\\\\d+$\":\"$1.$2\"}},\"sourcePullRequest\":{\"labels\":[\"bug\",\"release_note:fix\",\"Team:ResponseOps\",\"v9.0.0\",\"Feature:Alerting/RulesFramework\",\"backport:prev-major\",\"v8.16.0\",\"v8.15.3\"],\"title\":\"[ResponseOps][Alerting]\nRegister
anomaly detection and custom threshold rule types under stack\nalerts
feature\nprivilege\",\"number\":194615,\"url\":\"https://github.com/elastic/kibana/pull/194615\",\"mergeCommit\":{\"message\":\"[ResponseOps][Alerting]\nRegister
anomaly detection and custom threshold rule types under stack\nalerts
feature privilege (#194615)\\n\\n## Summary\\r\\n\\r\\nIn the ES
query,\nanomaly detection, and custom threshold rule types\\r\\nusers
can use the\n\\\"Role visibility\\\" dropdown to select where the
rules\\r\\nshould be\naccessible. The \\\"Role visibility\\\" dropdown
sets the\n`consumer`\\r\\nwhich is paramount for alerting RBAC. For the
anomaly\ndetection and\\r\\ncustom threshold rule types if the
`consumer` is set to\n`stackAlerts`\\r\\nthen the rules will not be
accessible from any rule\npage even if the\\r\\nuser has access to the
\\\"Stack alerts\\\" feature\nprivilege. This PR fixes\\r\\nthis
bug.\\r\\n\\r\\nFixes\nhttps://github.com//issues/193549\\r\\nFixes\nhttps://github.com//issues/191075\\r\\nFixes\nhttps://github.com//issues/184422\\r\\nFixes\nhttps://github.com//issues/179082\\r\\n\\r\\n##\nTesting\\r\\n\\r\\n1.
Create an anomaly detection and custom threshold rule\nand set
the\\r\\n\\\"Role visibility\\\" to \\\"Stack alerts\\\".\\r\\n2. Create
a\nuser with access only to \\\"Stack alerts\\\".\\r\\n3. Login with the
user\ncreated in Step 2.\\r\\n4. Verify that you can see the rules from
the\nstack management page.\\r\\n5. Verify that you can see the
alerts\ngenerated from the rules.\\r\\n6. Create a user with roles
`kibana_admin`\nand verify the same.\\r\\n\\r\\n\\r\\n###
Checklist\\r\\n\\r\\n- [x] [Unit
or\nfunctional\\r\\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\\r\\nwere\nupdated
or added to match the most common scenarios\\r\\n- [x]
[Flaky\nTest\\r\\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)\nwas\\r\\nused
on any tests changed\\r\\n\\r\\n### For maintainers\\r\\n\\r\\n-
[x]\nThis was checked for breaking API changes and
was\n[labeled\\r\\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\\r\\n\\r\\n##\nRelease
notes\\r\\n\\r\\nFix bug where rule types with \\\"Stack alerts\\\"
role\nvisibility are not\\r\\nbeing shown in the stack
management\npage\",\"sha\":\"8d83a075f6228bb5a6e35a9bb4654fe29cee0cff\"}},\"sourceBranch\":\"main\",\"suggestedTargetBranches\":[\"8.x\",\"8.15\"],\"targetPullRequestStates\":[{\"branch\":\"main\",\"label\":\"v9.0.0\",\"branchLabelMappingKey\":\"^v9.0.0$\",\"isSourceBranch\":true,\"state\":\"MERGED\",\"url\":\"https://github.com/elastic/kibana/pull/194615\",\"number\":194615,\"mergeCommit\":{\"message\":\"[ResponseOps][Alerting]\nRegister
anomaly detection and custom threshold rule types under stack\nalerts
feature privilege (#194615)\\n\\n## Summary\\r\\n\\r\\nIn the ES
query,\nanomaly detection, and custom threshold rule types\\r\\nusers
can use the\n\\\"Role visibility\\\" dropdown to select where the
rules\\r\\nshould be\naccessible. The \\\"Role visibility\\\" dropdown
sets the\n`consumer`\\r\\nwhich is paramount for alerting RBAC. For the
anomaly\ndetection and\\r\\ncustom threshold rule types if the
`consumer` is set to\n`stackAlerts`\\r\\nthen the rules will not be
accessible from any rule\npage even if the\\r\\nuser has access to the
\\\"Stack alerts\\\" feature\nprivilege. This PR fixes\\r\\nthis
bug.\\r\\n\\r\\nFixes\nhttps://github.com//issues/193549\\r\\nFixes\nhttps://github.com//issues/191075\\r\\nFixes\nhttps://github.com//issues/184422\\r\\nFixes\nhttps://github.com//issues/179082\\r\\n\\r\\n##\nTesting\\r\\n\\r\\n1.
Create an anomaly detection and custom threshold rule\nand set
the\\r\\n\\\"Role visibility\\\" to \\\"Stack alerts\\\".\\r\\n2. Create
a\nuser with access only to \\\"Stack alerts\\\".\\r\\n3. Login with the
user\ncreated in Step 2.\\r\\n4. Verify that you can see the rules from
the\nstack management page.\\r\\n5. Verify that you can see the
alerts\ngenerated from the rules.\\r\\n6. Create a user with roles
`kibana_admin`\nand verify the same.\\r\\n\\r\\n\\r\\n###
Checklist\\r\\n\\r\\n- [x] [Unit
or\nfunctional\\r\\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\\r\\nwere\nupdated
or added to match the most common scenarios\\r\\n- [x]
[Flaky\nTest\\r\\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)\nwas\\r\\nused
on any tests changed\\r\\n\\r\\n### For maintainers\\r\\n\\r\\n-
[x]\nThis was checked for breaking API changes and
was\n[labeled\\r\\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\\r\\n\\r\\n##\nRelease
notes\\r\\n\\r\\nFix bug where rule types with \\\"Stack alerts\\\"
role\nvisibility are not\\r\\nbeing shown in the stack
management\npage\",\"sha\":\"8d83a075f6228bb5a6e35a9bb4654fe29cee0cff\"}},{\"branch\":\"8.x\",\"label\":\"v8.16.0\",\"branchLabelMappingKey\":\"^v8.16.0$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"8.15\",\"label\":\"v8.15.3\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"}]}]\nBACKPORT-->\n\nCo-authored-by:
Christos Nasikas
<[email protected]>"}},{"branch":"8.15","label":"v8.15.3","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
tiansivive pushed a commit to tiansivive/kibana that referenced this issue Oct 7, 2024
@cnasikas @tiansivive
[ResponseOps][Alerting] Register anomaly detection and custom thresho…
e6d81c7 
…ld rule types under stack alerts feature privilege (elastic#194615)

## Summary

In the ES query, anomaly detection, and custom threshold rule types
users can use the "Role visibility" dropdown to select where the rules
should be accessible. The "Role visibility" dropdown sets the `consumer`
which is paramount for alerting RBAC. For the anomaly detection and
custom threshold rule types if the `consumer` is set to `stackAlerts`
then the rules will not be accessible from any rule page even if the
user has access to the "Stack alerts" feature privilege. This PR fixes
this bug.

Fixes elastic#193549
Fixes elastic#191075
Fixes elastic#184422
Fixes elastic#179082

## Testing

1. Create an anomaly detection and custom threshold rule and set the
"Role visibility" to "Stack alerts".
2. Create a user with access only to "Stack alerts".
3. Login with the user created in Step 2.
4. Verify that you can see the rules from the stack management page.
5. Verify that you can see the alerts generated from the rules.
6. Create a user with roles `kibana_admin` and verify the same.


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

## Release notes

Fix bug where rule types with "Stack alerts" role visibility are not
being shown in the stack management page
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cnasikas cnasikas

Labels
bug Fixes for quality problems that affect the customer experience Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)
Projects
None yet
Milestone
No milestone
3 participants
@cnasikas @elasticmachine @ersin-erdal