[SIEM][Detection Engine] Closing a signal silently fails with reduced privileges

[cwurm]

Scenario:
For a user missing the required privileges to update signal documents, the icon is visible and can be clicked. However, closing the signal will silently fail, with an error in the Network tab.

Privileges:

• Cluster: manage_api_key
• Index: read, view_index_metadata, create_doc on .siem-signals-default*, read and view_index_metadata on packetbeat-*
• Kibana: All on SIEM

What did I do? Click close signal icon

Suggestion:
Expose the background error.

Screenshot

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[spong]

@MadameSheema in attempting to reproduce the above using a user/role with the detailed permissions I was unable to view the Alerts page as the app would get stuck on the /spaces/space_selector route and never load any spaces.

edit: This is a spaces permissions error when moving between test and local kibana instances. Re-verifying space privileges on the corresponding kibana instance will resolve this.

[MadameSheema]

@spong @peluja1012 on 7.10 branch I was able to partially reproduce the behaviour.

As you can see in the screenshot, although an error is displayed, alerts are displayed and the option of closing an alert is enabled.

When I click on Close alert, the alert is not closed.

How do we want to proceed with this? Thanks 😊

[spong]

As much as possible we should disable UI actions that we know will fail, so for this, we should disable the status-changing actions, and ensure the copy in the read-only callout that's displayed at the top of the page informs the user what actions are disabled, and that we also provide a link to docs for understanding why/how to fix.

[elasticmachine]

Pinging @elastic/kibana-security (Team:Security Solution)