From b9cb0d3e435986754fd36b00cd077600cf15163e Mon Sep 17 00:00:00 2001
From: Elena Shostak
Date: Tue, 8 Oct 2024 11:41:35 +0200
Subject: [PATCH 1/2] [Authz] Adjusted forbidden message for new security route configuration
---
 .../server/authorization/api_authorization.ts | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/x-pack/plugins/security/server/authorization/api_authorization.ts b/x-pack/plugins/security/server/authorization/api_authorization.ts
index ba38d9ca0aa20..8931418a563a0 100644
--- a/x-pack/plugins/security/server/authorization/api_authorization.ts
+++ b/x-pack/plugins/security/server/authorization/api_authorization.ts
@@ -87,17 +87,17 @@ export function initAPIAuthorization(
 const missingPrivileges = Object.keys(kibanaPrivileges).filter(
 (key) => !kibanaPrivileges[key]
 );
- logger.warn(
- `User not authorized for "${request.url.pathname}${ request.url.search }", responding with 403: missing privileges: ${missingPrivileges.join(', ')}`
- );
+ const forbiddenMessage = `API [${request.route.method.toLocaleUpperCase('en')} ${ request.url.pathname }${ request.url.search }] is unauthorized for user, this action is granted by the Kibana privileges [${missingPrivileges}]`;
+
+ logger.warn(`Responding with 403: ${forbiddenMessage}}`);
 return response.forbidden({
 body: {
- message: `User not authorized for ${request.url.pathname}${ request.url.search }, missing privileges: ${missingPrivileges.join(', ')}`,
+ message: forbiddenMessage,
 },
 });
 }
From 0fba6126a43aa863d30826edf4e54308638ca565 Mon Sep 17 00:00:00 2001
From: Elena Shostak
Date: Thu, 10 Oct 2024 10:35:51 +0200
Subject: [PATCH 2/2] Fixes
---
 .../security/server/authorization/api_authorization.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/x-pack/plugins/security/server/authorization/api_authorization.ts b/x-pack/plugins/security/server/authorization/api_authorization.ts
index 8931418a563a0..9c67ff8bdff8b 100644
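Review bot: The new `forbiddenMessage` interpolates the `missingPrivileges` array directly as `[${missingPrivileges}]`, which falls back to `Array.prototype.toString` and renders several privileges as `a,b` with no separator, a step back from the explicit `.join(', ')` the removed lines used in both the log line and the response body; `[${missingPrivileges.join(', ')}]` keeps the output identical for a single privilege and readable for several. The same sentence carries a comma splice ("is unauthorized for user, this action is granted by"), which as user-facing API text reads better split, e.g. `] is unauthorized for user; this action is granted by the Kibana privileges [`. The stray `}` in the `logger.warn` template and the `toLocaleUpperCase('en')` call are addressed by the follow-up patch, so they are not raised here. The enclosing `initAPIAuthorization` handler starts and ends outside the hunk.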
--- a/x-pack/plugins/security/server/authorization/api_authorization.ts
+++ b/x-pack/plugins/security/server/authorization/api_authorization.ts
@@ -87,13 +87,13 @@ export function initAPIAuthorization(
 const missingPrivileges = Object.keys(kibanaPrivileges).filter(
 (key) => !kibanaPrivileges[key]
 );
- const forbiddenMessage = `API [${request.route.method.toLocaleUpperCase('en')} ${
+ const forbiddenMessage = `API [${request.route.method.toUpperCase()} ${
 request.url.pathname
 }${
 request.url.search
 }] is unauthorized for user, this action is granted by the Kibana privileges [${missingPrivileges}]`;
- logger.warn(`Responding with 403: ${forbiddenMessage}}`);
+ logger.warn(forbiddenMessage);
 return response.forbidden({
 body: {
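Review bot: Dropping the prefix in `logger.warn(forbiddenMessage)` means the warn entry no longer records that a 403 was returned, and it becomes byte-identical to the HTTP body, so any log search or alert keyed on the old `User not authorized for` / `responding with 403` wording silently stops matching and future edits to the user-facing text will change the log line too; keeping the status in the log, ``logger.warn(`Responding with 403: ${forbiddenMessage}`);`` (without the stray brace from the first patch), preserves that signal while still reusing the message. Note also that `request.url.search` is interpolated verbatim into the warn line, so any sensitive query parameters land in the Kibana log — this was already true of the removed message, but with one string now serving as both log line and response body it is worth deciding deliberately whether the raw query string belongs in both. The switch to `toUpperCase()` is the right call for ASCII HTTP method names. The enclosing `initAPIAuthorization` handler starts and ends outside the hunk.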