Delete Filters in Dashboards are not appearing for readonly roles after ROR

Daedelus · July 6, 2018, 2:51pm

@sscarduzio Noticed something i wanted to bring to your attention. After installing ROR Pro, In the dashboards, when we select a visualization, and drill down into a specific time interval, in a readonly role, the “delete” icon has disappeared.
While we want readonly capabilities across the kibana stack as intended, the “delete” icon is something we dont want removed as its a very common feature that people use to delete filters on the dashboards and it doesnt impact and write functionality. Is there a way for us to fix the ACL rule so as to allow this? PS : not sure if this is a bug because of the “ro” access in kibana_access entry!

- name: "::RO::"
  auth_key: converse:converseread
  kibana_access: ro
  indices: [ ".kibana", ".kibana-devnull", "logstash-*"]
  kibana_hide_apps: ["readonlyrest_kbn", "timelion", "kibana:dev_tools", "kibana:management"]
  verbosity: info

sscarduzio · July 6, 2018, 3:07pm

Hi Roger, I really think the absence of the delete button is coming from ROR UI mods in case the kibana access of the current user is RO or RO strict.

A workaround is to add custom style tag via the kibana.yml file and change the visibility of that specific CSS selector. Will have a look and try to not hide it from the next version of ROR PRO/Enterprise.

Daedelus · July 6, 2018, 4:14pm

thanks @sscarduzio - that will be great. For now we are telling our users to refresh the whole screen to go back to default filterless view. this will only be a problem for the users who are enabling multiple filters and want to delete them one by one but we can live with it until the release!

cheers

Daedelus · July 10, 2018, 6:00pm

@sscarduzio Any idea when this could be targetted for release? FYI we are targetting a release for the day after 7/12 EST. Were curious to see if the overlay fix for enabling delete filters even on “ro” could be available before that? No worries if this isn’t possible.

sscarduzio · July 10, 2018, 6:21pm

Hi Roger,

Please test 1.16.22, there is a fix already.

Daedelus · July 10, 2018, 7:00pm

odd. I logged in as an “ro” user but i still don’t see the delete icon.

it does appear in the “rw” role

sscarduzio · July 11, 2018, 6:21am

Strange, what browser is this? I have those in my dev env. No cache involved?

Daedelus · July 13, 2018, 1:52pm

hey @sscarduzio
We tried this on different platforms (windows/MacOS) - deleted cache as well as worked in incognito mode (All in Chrome). Went live and this is also replicated in our PROD environment. Let me know if you need any specific info/dev tool logs etc from me to help debug this?

sscarduzio · July 14, 2018, 8:01am

OK Chrome should definitely work with the selector we are using. Let me try to reproduce this using a stock ES & Kibana distribution, so that I replicate your environment more closely.

sscarduzio · July 14, 2018, 8:45am

Hi Roger,
I just installed the latest ROR on a stock Kibana instance downloaded from Elastic website.

sscarduzio@hilbert:/me/tmp/kibana-6.3.0-darwin-x86_64$ cat plugins/readonlyrest_kbn/package.json  |grep version
  "version": "1.16.22",
    "version": "6.3.0"

Then I created a kibana_access: ro user called “rouser”

Then I logged in as “rouser” and added a filter to the “discover” view. Hovered over the filter and the icons are there. Also works if I press the said icons.

Not sure what’s the difference between my and your environment at this point.

Daedelus · July 16, 2018, 1:27pm

hey @sscarduzio - I can replicate what you are seeing on local but not on AWS EC2. Any chance you tried this on the cloud?

sscarduzio · July 16, 2018, 2:15pm

I tried this locally too. Why should it be any different? Any caching in between you and your deployment?

Daedelus · July 16, 2018, 2:32pm

Nope - let me walk through our deployment.

Create 6.3.0 Stack using CFTs
Install ROR on Elastic through User-Data
Install ROR on Kibana through User-Data
Ping “awating optimization of browser bundles”
Test Kibana Dashboards through RO and RW roles.

Each deloyment is transactionally isolated and brand new. Our proxies are pass through and don’t cache requests as well (i thought perhaps some problems over there). So technically, there’s no difference between the way we spin up our stack on local vs EC2.

sscarduzio · July 16, 2018, 2:35pm

So well, nothing comes to mind except super basic suggestions like: is the user data script pulling the right ROR build for Kibana?

Daedelus · July 16, 2018, 2:58pm

Looks like the right one.

Daedelus · July 16, 2018, 4:44pm

Also attaching my ROR ACL.

- name: "::RO::"
  auth_key: readonly:readonly
  kibana_access: ro
  indices: [ ".kibana", ".kibana-devnull", "logstash-*"]
  kibana_hide_apps: ["readonlyrest_kbn", "apm", "monitoring", "timelion", "kibana:dev_tools", "kibana:management"]
  verbosity: info

Daedelus · July 17, 2018, 4:16am

It turned out that one of our plugins was overwrriting the commons.styles CSS file where you had put the fixes.
After changing the order of install, the delete filter fix was visible.
Thanks @sscarduzio. We’re good with this fix