Summary
While developing Kibana for the Serverless offering, developers should be able to easily switch between users with different roles and privileges to test their applications. Currently, this process is quite cumbersome, as Serverless Elasticsearch doesn't support the native realm, preventing developers from quickly adding custom native users and roles.
Also, in Serverless, users are required to use the SAML realm for authentication, which differs significantly from the native realm. Therefore, it's important to test functionality in an environment as close to production as possible.
It is possible to configure both Serverless Elasticsearch and Serverless Kibana with a "fake" SAML realm locally today (we already have file-based roles that can be mapped to SAML users). With this setup, SAML users can be created on-the-fly with any roles developers need. However, there is currently no user-friendly UI to simplify switching between roles. We should consider implementing a special local-only Serverless Login Selector to address this, similar to the local-only Serverless top-bar used to switch between project types.
Summary
While developing Kibana for the Serverless offering, developers should be able to easily switch between users with different roles and privileges to test their applications. Currently, this process is quite cumbersome, as Serverless Elasticsearch doesn't support the native realm, preventing developers from quickly adding custom native users and roles.
Also, in Serverless, users are required to use the SAML realm for authentication, which differs significantly from the native realm. Therefore, it's important to test functionality in an environment as close to production as possible.
It is possible to configure both Serverless Elasticsearch and Serverless Kibana with a "fake" SAML realm locally today (we already have file-based roles that can be mapped to SAML users). With this setup, SAML users can be created on-the-fly with any roles developers need. However, there is currently no user-friendly UI to simplify switching between roles. We should consider implementing a special local-only Serverless Login Selector to address this, similar to the local-only Serverless top-bar used to switch between project types.