Observability UI > User Experience > Error message needs to be revised

[rashmivkulkarni]

Kibana version: 8.4.0 BC2

When you login as a user with very limited privileges ( I logged in a deprecated role setting assigned to a user - kibana_user ) and navigate to Observability > User Experience > Dashboard, you see the following errors on the UI- which is not actually an indicator of the actual error happening in the backend.

Expected:

The right UI message should be displayed to the end user ( Should display correct UI messaging stating that the user has insufficient permissions)

Logs - do show the right exception - 403

[2022-08-10T13:22:29.243-07:00][ERROR][plugins.apm] Error: security_exception: [security_exception] Reason: action [indices:data/read/search] is unauthorized for user [limited_user] with roles [kibana_user], this action is granted by the index privileges [read,all]
    at /Users/rashmikulkarni/Documents/8.4.0BC2/kibana-8.4.0/x-pack/plugins/observability/common/utils/unwrap_es_response.js:59:11
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at hasHistoricalAgentData (/Users/rashmikulkarni/Documents/8.4.0BC2/kibana-8.4.0/x-pack/plugins/apm/server/routes/historical_data/has_historical_agent_data.js:30:16)
    at /Users/rashmikulkarni/Documents/8.4.0BC2/kibana-8.4.0/x-pack/plugins/apm/server/routes/data_view/create_static_data_view.js:39:21
    at handler (/Users/rashmikulkarni/Documents/8.4.0BC2/kibana-8.4.0/x-pack/plugins/apm/server/routes/data_view/route.js:40:22)
    at /Users/rashmikulkarni/Documents/8.4.0BC2/kibana-8.4.0/x-pack/plugins/apm/server/routes/apm_routes/register_apm_server_routes.js:96:13
    at Router.handle (/Users/rashmikulkarni/Documents/8.4.0BC2/kibana-8.4.0/node_modules/@kbn/core-http-router-server-internal/target_node/router.js:163:30)
    at handler (/Users/rashmikulkarni/Documents/8.4.0BC2/kibana-8.4.0/node_modules/@kbn/core-http-router-server-internal/target_node/router.js:124:50)
    at exports.Manager.execute (/Users/rashmikulkarni/Documents/8.4.0BC2/kibana-8.4.0/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
    at Object.internals.handler (/Users/rashmikulkarni/Documents/8.4.0BC2/kibana-8.4.0/node_modules/@hapi/hapi/lib/handler.js:46:20)
    at exports.execute (/Users/rashmikulkarni/Documents/8.4.0BC2/kibana-8.4.0/node_modules/@hapi/hapi/lib/handler.js:31:20)
    at Request._lifecycle (/Users/rashmikulkarni/Documents/8.4.0BC2/kibana-8.4.0/node_modules/@hapi/hapi/lib/request.js:371:32)
    at Request._execute (/Users/rashmikulkarni/Documents/8.4.0BC2/kibana-8.4.0/node_modules/@hapi/hapi/lib/request.js:281:9)
Response: {
  error: {
    root_cause: [
      {
        type: 'security_exception',
        reason: 'action [indices:data/read/search] is unauthorized for user [limited_user] with roles [kibana_user], this action is granted by the index privileges [read,all]'
      }
    ],
    type: 'security_exception',
    reason: 'action [indices:data/read/search] is unauthorized for user [limited_user] with roles [kibana_user], this action is granted by the index privileges [read,all]'
  },
  status: 403
}

Please note this is not a security issue. Only the UI needs to display the right error message.

[elasticmachine]

Pinging @elastic/kibana-security (Team:Security)

[elasticmachine]

Pinging @elastic/unified-observability (Team:Observability)