Skip to content

[Lens] Allow read only view for users with write permissions but having no write access to the dashboard#247746

Merged
awahab07 merged 8 commits intoelastic:mainfrom
awahab07:236097_Write-protected-dashboards-view-configuration-for-non-owners
Feb 4, 2026
Merged

[Lens] Allow read only view for users with write permissions but having no write access to the dashboard#247746
awahab07 merged 8 commits intoelastic:mainfrom
awahab07:236097_Write-protected-dashboards-view-configuration-for-non-owners

Conversation

@awahab07
Copy link
Copy Markdown
Contributor

@awahab07 awahab07 commented Jan 2, 2026

Fixes #236097

Summary

Users with read-only access to write-protected dashboards can now view chart configurations via the "Show visualization configuration" panel action.

Dashboard now exposes isEditableByUser in its API, which Lens consumes to correctly determine write permissions instead of relying solely on role-based capabilities.

Perviously Lens's isReadOnlyEnabled() only checked role-based showWriteControls capability, ignoring dashboard-level access control. This caused write: true even for users who couldn't edit a write-protected dashboard, hiding the "Show visualization configuration" action.

Before ("Other Editor User", non owner user with write permissions can neither edit the viz, nor can view the config)

write-protected-dashboard-before.mov

After ("Other Editor User" can now view the config)

write-protected-dashboard-after.mov

@awahab07 awahab07 requested review from a team as code owners January 2, 2026 18:26
@awahab07 awahab07 added Team:Visualizations Team label for Lens, elastic-charts, Graph, legacy editors (TSVB, Visualize, Timelion) t// release_note:skip Skip the PR/issue when compiling release notes backport:skip This PR does not require backporting labels Jan 2, 2026
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Jan 2, 2026

Pinging @elastic/kibana-visualizations (Team:Visualizations)

@awahab07
Copy link
Copy Markdown
Contributor Author

awahab07 commented Jan 5, 2026

@elasticmachine merge upstream

ThomThomson
ThomThomson approved these changes Jan 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@ThomThomson ThomThomson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dashboard changes LGTM! Makes sense to expose the canUserEditDashboard variable from the view mode manager as a static boolean because this will not change over the lifetime of the Dashboard.

@awahab07
Copy link
Copy Markdown
Contributor Author

awahab07 commented Jan 7, 2026

@elasticmachine merge upstream

@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Jan 7, 2026

merge conflict between base and head

@awahab07
Merge remote-tracking branch 'origin/main' into 236097_Write-protecte…
d252e6d 
…d-dashboards-view-configuration-for-non-owners

# Conflicts:
#	x-pack/platform/plugins/shared/lens/public/react_embeddable/type_guards.ts
@awahab07
Copy link
Copy Markdown
Contributor Author

awahab07 commented Jan 19, 2026

@elasticmachine merge upstream

@awahab07
Copy link
Copy Markdown
Contributor Author

awahab07 commented Jan 23, 2026

@elasticmachine merge upstream

@awahab07
Copy link
Copy Markdown
Contributor Author

awahab07 commented Jan 27, 2026

@elasticmachine merge upstream

@awahab07
Copy link
Copy Markdown
Contributor Author

awahab07 commented Feb 4, 2026

@elasticmachine merge upstream

@awahab07 awahab07 enabled auto-merge (squash) February 4, 2026 10:36
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Feb 4, 2026
edited
Loading

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #37 / console app console autocomplete feature Autocomplete shouldnt trigger within a multiline block comment
  • [job] [logs] Scout: [ platform / streams_app-serverless-oblt ] plugin / serverless-oblt - Stream data processing - data sources management - should allow adding a new kql data source
  • [job] [logs] Scout: [ platform / streams_app-serverless-oblt ] plugin / serverless-oblt - Stream data processing - data sources management - should allow adding a new kql data source
  • [job] [logs] Scout: [ platform / streams_app-stateful ] plugin / should allow adding a new kql data source
  • [job] [logs] Scout: [ platform / streams_app-serverless-oblt ] plugin / should allow adding a new kql data source
  • [job] [logs] Scout: [ platform / streams_app-stateful ] plugin / should allow adding a new kql data source
  • [job] [logs] Scout: [ platform / streams_app-serverless-oblt ] plugin / should allow adding a new kql data source
  • [job] [logs] Scout: [ platform / streams_app-stateful ] plugin / stateful - Stream data processing - data sources management - should allow adding a new kql data source
  • [job] [logs] Scout: [ platform / streams_app-stateful ] plugin / stateful - Stream data processing - data sources management - should allow adding a new kql data source

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
dashboard 818.7KB 818.7KB +19.0B
lens 2.0MB 2.0MB +45.0B
total +64.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
lens 64.7KB 64.8KB +85.0B

History

@awahab07
Copy link
Copy Markdown
Contributor Author

awahab07 commented Feb 4, 2026

@elasticmachine merge upstream

@awahab07 awahab07 merged commit 67a5877 into elastic:main Feb 4, 2026
16 checks passed
mbondyra added a commit to mbondyra/kibana that referenced this pull request Feb 5, 2026
@mbondyra
Merge commit '5c0872d56bc0268177cd3c7150a1685481fb5238' into test_agent2
09f3110 
* commit '5c0872d56bc0268177cd3c7150a1685481fb5238': (221 commits)
  Add .cursorignore file (elastic#251709)
  [Search] Add descriptions to semantic_text field inference endpoint select (elastic#249265)
  [Agent Builder] Agent skills implementation (elastic#251209)
  [Lens] [ES|QL] Improve types for ES|QL conversion. (elastic#251042)
  Update the trace waterfall to make it easy to understand (elastic#250442)
  [ES|QL] [Lens] Adds query stats (elastic#251029)
  [Lens] Fix KQL character escaping when query is generated from Top values column (breakdown). (elastic#250925)
  fix(kbn-elastic-assistant): fix a11y issue with missing label on flyout (elastic#251656)
  Update dependency @elastic/monaco-esql to v3.1.16 (main) (elastic#251666)
  [Automatic Import V2] Add langsmith tracing (elastic#251592)
  [scout] fix duplicated test failure reports in Buildkite annotations (elastic#251455)
  chore(NA): remove us-central1-b from gcp zones on high load jobs (elastic#251748)
  skip flaky suite (elastic#250973)
  [Lens] Allow read only view for users with write permissions but having no write access to the dashboard (elastic#247746)
  [CI] Increase artifacts disk to 180gb (elastic#251774)
  [content-list] 1. Provider Foundation (elastic#251344)
  [AI Infra] Add missing ES|QL commands and functions documentation for inference tasks (elastic#249089)
  [docs-utils] 4️⃣ pre-req: Prepare for new validations (elastic#250810)
  [APM] Extend React flow service map test coverage (elastic#251624)
  [scout] discover tests with custom server configs (elastic#251297)
  ...

# Conflicts:
#	src/platform/plugins/shared/dashboard/tsconfig.json
#	x-pack/platform/plugins/shared/agent_builder_platform/server/tools/create_visualization/create_visualization.ts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@markov00 markov00 markov00 approved these changes

@ThomThomson ThomThomson ThomThomson approved these changes

Assignees

No one assigned

Labels

backport:skip This PR does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Visualizations Team label for Lens, elastic-charts, Graph, legacy editors (TSVB, Visualize, Timelion) t// v9.4.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Users need to see charts configurations in "write-protected" dashboards

5 participants

@awahab07 @elasticmachine @markov00 @ThomThomson @kibanamachine