Skip to content

Space Awareness: Update Fleet roles and privileges UI docs #1751

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 16 commits into from
Jul 1, 2025

Conversation

karenzone
Copy link
Contributor

@karenzone karenzone commented Jun 16, 2025

@karenzone karenzone self-assigned this Jun 16, 2025
Copy link

github-actions bot commented Jun 16, 2025

🔍 Preview links for changed docs:

🔔 The preview site may take up to 3 minutes to finish building. These links will become live once it completes.

@karenzone
Copy link
Contributor Author

cc:/ @benironside FYI: Here's a WIP draft of the Fleet UI side of Space Awareness.
Let's talk about how we can collaborate to do this feature up right.

@karenzone karenzone force-pushed the 1142-space-awareness branch from c74eb93 to 2382b66 Compare June 16, 2025 22:40
@karenzone karenzone force-pushed the 1142-space-awareness branch from 2382b66 to 17295f5 Compare June 16, 2025 22:49
Comment on lines 73 to 84
2. To create a read-only user for {{fleet}} and Integrations, set both the **Fleet** and **Integrations** privileges to `Read`.
:::{image} images/kibana-fleet-privileges-read.png
:alt: Kibana privileges flyout showing Fleet and Integrations access set to All
:screenshot:
:::
<br>
3. If you'd like to define more specialized access to {{fleet}} based on individual components, expand the **Fleet** menu and enable **Customize sub-feature privileges**.
:::{image} images/kibana-fleet-privileges-enable.png
:alt: Kibana customize sub-feature privileges UI
:screenshot:
:::
<br>
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Observation on output:: List item 10-1 is numbered as a.. List items 10-2 and 10-3 are numbered as 2. and 3.

Maybe the <br>s I added to increase space after the graphics are throwing numbering off? Interesting that the correct interval is preserved (a, 2, 3), but not the numbering/lettering style.

Copy link
Contributor Author

@karenzone karenzone Jun 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update: After I removed the <br>s, the sub-steps are numbering correctly (a, b, c) in a local build. Do we have other tools for forcing better spacing available?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you indent the image blocks by 4 spaces to be within each step, maybe that could change the rendering a bit and add more space? (I should try this out, I guess)

Copy link
Contributor

@vishaangelova vishaangelova Jun 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Formatting it like below renders the images within the a-b-c list with the correct numbering, also keeping the last two paragraphs indented (as part of step 10, but not part of step c). But it doesn’t solve the spacing issue, I guess.

Not using <br> looks OK to me though. (The screenshot is only of the last sub-step as the images were too large (does it make sense to resize them?).

10. Choose the access level that you'd like the role to have with respect to {{fleet}} and integrations:
    1. To grant the role full access to use and manage {{fleet}} and integrations, set both the **Fleet** and **Integrations** privileges to `All`.

        :::{image} images/kibana-fleet-privileges-all.png
        :alt: Kibana privileges flyout showing Fleet and Integrations access set to All
        :screenshot:
        :::

    2. To create a read-only user for {{fleet}} and Integrations, set both the **Fleet** and **Integrations** privileges to `Read`.

        :::{image} images/kibana-fleet-privileges-read.png
        :alt: Kibana privileges flyout showing Fleet and Integrations access set to All
        :screenshot:
        :::

    3. If you'd like to define more specialized access to {{fleet}} based on individual components, expand the **Fleet** menu and enable **Customize sub-feature privileges**.

        :::{image} images/kibana-fleet-privileges-enable.png
        :alt: Kibana customize sub-feature privileges UI
        :screenshot:
        :::

    Any setting for individual {{fleet}} components that you specify here takes precedence over the general `All`, `Read`, or `None` privilege set for {{fleet}}.
    
    Based on your selections, access to features in the {{fleet}} UI are enabled or disabled for the role. 
    Those details are covered in the next section: [Customize access to {{fleet}} features](#fleet-roles-and-privileges-sub-features).

After you've created a new role you can assign it to any {{es}} user.
You can edit the role at any time by returning to the **Roles** page in {{kib}}.
Screenshot 2025-06-27 at 13 23 04

@karenzone karenzone marked this pull request as ready for review June 17, 2025 21:46
@karenzone karenzone requested a review from a team as a code owner June 17, 2025 21:46
Copy link
Contributor

@kilfoyle kilfoyle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 🦖
Very nice!

Copy link

@nimarezainia nimarezainia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thank you. just one minor comment about the version.


Assigning the {{kib}} feature privileges `Fleet` and `Integrations` grants access to use {{fleet}} and Integrations.
Beginning with {{stack}} version 8.17, you have more granular control over user access to features in and managed by {{fleet}}.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

version should be 9.1

@nimarezainia
Copy link

@karenzone I will need to add some content regarding migration. for an existing deployment with agent policies there's an extra step they have to perform before the feature can be enabled. Once your changes are merged I'll make the mods. thanks

@karenzone
Copy link
Contributor Author

@karenzone I will need to add some content regarding migration. for an existing deployment with agent policies there's an extra step they have to perform before the feature can be enabled. Once your changes are merged I'll make the mods. thanks

Thanks, @nimarezainia. I'll make a note to be on the lookout for incoming changes post-merge.

Comment on lines 73 to 84
2. To create a read-only user for {{fleet}} and Integrations, set both the **Fleet** and **Integrations** privileges to `Read`.
:::{image} images/kibana-fleet-privileges-read.png
:alt: Kibana privileges flyout showing Fleet and Integrations access set to All
:screenshot:
:::
<br>
3. If you'd like to define more specialized access to {{fleet}} based on individual components, expand the **Fleet** menu and enable **Customize sub-feature privileges**.
:::{image} images/kibana-fleet-privileges-enable.png
:alt: Kibana customize sub-feature privileges UI
:screenshot:
:::
<br>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you indent the image blocks by 4 spaces to be within each step, maybe that could change the rendering a bit and add more space? (I should try this out, I guess)

@karenzone
Copy link
Contributor Author

@kpollich, here's the Space Awareness PR we talked about.
Thanks for your help with it.

Copy link
Contributor

@juliaElastic juliaElastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

@karenzone
Copy link
Contributor Author

@colleenmcginnis, here's the PR we talked about wrt versioning for layered content. Let's discuss, please.

Copy link
Contributor

@colleenmcginnis colleenmcginnis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@karenzone Based on a quick review, I would expect something like this to clarify what's available in which version.

My suggestions are meant to be illustrative — you'll likely need to adjust my suggestions based on the knowledge you've gained working on this issue (that I certainly don't have!).

Co-authored-by: Colleen McGinnis <[email protected]>
Copy link
Contributor

@colleenmcginnis colleenmcginnis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✨ Looks good!

I left one question below in case it's something I missed before.

@karenzone karenzone merged commit 5c24b3c into elastic:main Jul 1, 2025
7 checks passed
@karenzone karenzone deleted the 1142-space-awareness branch July 1, 2025 15:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants