Skip to content

Rules exceptions subfeatures #243095

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 46 commits into
base: main
Choose a base branch
from
Draft

Rules exceptions subfeatures #243095

wants to merge 46 commits into from
+5,500 −1,857

Conversation

@dhurley14
Copy link
Contributor

@dhurley14 dhurley14 commented Nov 14, 2025

Summary

Summarize your PR. If it involves visual changes include a screenshot or gif.

Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

  • Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
  • Documentation was added for features that require explanation or tutorials
  • Unit or functional tests were updated or added to match the most common scenarios
  • If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
  • This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The release_note:breaking label should be applied in these situations.
  • Flaky Test Runner was used on any tests changed
  • The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines
  • Review the backport guidelines and apply applicable backport:* labels.

Identify risks

Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.

rylnd and others added 30 commits October 29, 2025 16:12
@rylnd @denar50
Introduces Rules feature and subsequent app changes
958deed 
This does not include changes to existing roles, nor the role migration
machinery.
@rylnd @denar50
style: revert linting changes to large yaml/JSON files
4e60d94 
These changes were made automatically in an initial commit that added
our new features to roles; those changes have since been reverted
(320c34f), and thus there should not currently be any behavioral
changes in these files, which makes these stylistic changes even more
unnecessary.

Note: I also noticed that a few old references had (accidentally?)
remained in `security_roles.json` after `320c34f485`; this cleans those
up as well.
@denar50
update the siem migrations required permissions
02765d8 
Instead of requiring siemVX read/all, it now requires securitySolutionRulesV1 read/all
@denar50
update attack discovery required permissions
b35f598
@denar50
update timeline required permissions
686745e
@denar50
fix onboarding sections
2f7cff4 
It is unclear on wether "dashboards" and "integrations" should be exclusive to `siemV5` or `securitySolutionRulesV1`. So for now we are showing it when the user has either of those.
@kibanamachine @denar50
[CI] Auto-commit changed files from 'node scripts/eslint_all_files --…
4cb8ba0 
…no-cache --fix'
@denar50
allow alert management operations for roles with read only access
65d000a 
This is the current behaviour accoring do the documentation https://www.elastic.co/docs/solutions/security/detect-and-alert/detections-requirements.
@denar50
fix create shared exception list endpoint
d70db6e 
Now it requires the `securitySolutionRulesV1.all` privilege
@denar50
fix unit test
3cc5064
@dplumlee
fixes bulk_action route to allow export on rules-read
4738084
@kibanamachine
Changes from node scripts/eslint_all_files --no-cache --fix
191d62c
@denar50
fix cypress test: endpoint_role_rbac_with_space_awareness.cy.ts
5ed674e 
No security subfeature is required in all spaces anymore. The test was failing because the `siemV5` feature file never got updated and it was still referencing a feature flag that has been enabled and removed in `main`.
The feature flag in question is `endpointManagementSpaceAwarenessEnabled` which was being used to override the subfeature configuration by setting `requireAllSpaces=false` and `privilegesTooltip=undefined`. Now that the feature flag doesn't exist, it makes sense to remove these properties directly in the subfeature configuration instead of overriding them outside of it.
@denar50
Merge branch 'main' into rules-rbac-new
0ceb610
@kibanamachine
Changes from node scripts/eslint_all_files --no-cache --fix
f2b15ee
@denar50
fix manage value lists button disabled for rules-all
f47b16e 
The logic to show it was relying on the old siemPrivileges, however value lists is now under rules.
@dplumlee
fix showing rule update callouts when users don't have rules-all
51c9819
@denar50
fix authorization tests
603be1f 
Reshuffling privileges and removal of alerting privileges from siemV5. These alerting privileges exist exclusively in securitySolutionRulesV1
@denar50
Merge branch 'main' into rules-rbac-new
9089355
@rylnd
Merge branch 'main' into rules-rbac-new
33896fa 
This notably includes the fix to the infinite loop on the alerts page
when a role lacks sufficient lists privileges.
@denar50
Merge remote-tracking branch 'upstream/main' into rules-rbac-1
319a17b
@denar50
add missing socManagement sub feature config to siemV4 and siemV5
80ce6a5
@denar50
fix ai4soc cypress test
17018e6 
The test broke after merging main into the branch
@denar50
add missing siemV5 case to trusted devices rbac cypress test
11b9349
@denar50
fix authorization tests after new ai4soc changes
63635af
@denar50
fix api privileges tests after ai4soc changes
daa8579
@dplumlee
fixes respectLicenseLevel test that broke merging upstream
dd43f8b
@denar50
Merge branch 'main' into rules-rbac-new
fc6baad
@denar50
add cypress tests for the rules management page
5b544bc
@dplumlee
removes unused code and resolves PR TODOs
698722a
@elasticmachine
Copy link
Contributor

elasticmachine commented Nov 14, 2025

🤖 Jobs for this PR can be triggered through checkboxes. 🚧

ℹ️ To trigger the CI, please tick the checkbox below 👇

  • Click to trigger kibana-pull-request for this PR!
  • Click to trigger kibana-deploy-project-from-pr for this PR!
  • Click to trigger kibana-deploy-cloud-from-pr for this PR!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@dhurley14 @elasticmachine @rylnd @denar50 @kibanamachine @dplumlee