UI: Non-admin users will see 500s and loading states on Databases and Events

[chrisseto]

Describe the problem

When visiting the "Databases" and "Events" pages of the admin UI as a user that is not part of the admin role they appear broken.

To Reproduce

1. Set up secure CockroachDB cluster
2. Create a normal user CREATE USER blah WITH PASSWORD ...
3. Log into the Admin UI as the created user
4. Navigate to either the "Databases" or "Events" page
5. See error

Expected behavior
I would expect to see a banner stating that my user does not have access to the requested data.
I would also expect to see 403 responses rather than 500s.

Additional data / screenshots
The events page returns a 500.

The Databases page correctly returns a 403 but does not handle it.

Environment:

• CockroachDB version 19.2.x, V20.1.0-RC.2

Additional context
While debugging issues with a production cluster I noticed certain pages of the admin UI where not loading and 500s coming back from the server.
This lead me to believe that something was extremely wrong.
Another SRE was unable to reproduce the problem with an admin user which led us to the conclusion that non-admin users may be problematic.
Nothing is particularly dangerous but it is quite the red herring if a cluster is already misbehaving.

[piyush-singh]

We should definitely change these over to 403 errors, we did a sweep of pages in the past, but looks like we missed a few. This should be backported to 19.1.x and 19.2.x when we pick this up.

Open question on how best to handle these errors on the page - probably a question for @dhartunian.

[piyush-singh]

This is also happening on the node map. See #50360

[piyush-singh]

As @florence-crl mentioned from a customer issue (zendesk issue 5518), this is also happening on the data distribution page.

[Annebirzin]

@piyush-singh @dhartunian adding figma link for permission states in the Admin UI. (Below is a screenshot for statements, data distribution and events pages)

[koorosh]

@Annebirzin , thanks for the provided designs! Want to clarify a general question about error messages on forms. Currently, we don't distinguish if it's permission error or something else when rendering them on the page. It is used the same template for messages across the entire app.
What do you think of reusing new provided design for all kinds of errors, not only permissions?

For example, we might receive an error on failed request like this:

[Annebirzin]

@koorosh, would it be possible to make the error messages red (for failure) and the permission messages blue (for informative)? Reasoning here is that the permission message might be an expected behavior that the user defined, while the other errors are not expected.

Not sure if it's possible but the multiple error messages could look like this:

If there are permission issues and errors it could look like this:

[koorosh]

@Annebirzin , it really makes sense to have info and error messages with different colors!
Thank you for your suggestion!