Skip to content

[Roles] Added error reasons for role malformed message#239098

Merged
elena-shostak merged 8 commits intoelastic:mainfrom
elena-shostak:224053-malformed-role
Oct 16, 2025
Merged

[Roles] Added error reasons for role malformed message#239098
elena-shostak merged 8 commits intoelastic:mainfrom
elena-shostak:224053-malformed-role

Conversation

@elena-shostak
Copy link
Contributor

@elena-shostak elena-shostak commented Oct 15, 2025
edited by kibanamachine
Loading

Summary

Added error reasons for role malformed message.

How to test

1. Create a couple of malformed roles 
POST _security/role
{
  "roles": {
    "malformed-reserved-privileges-wrong-app-role": {
      "cluster": [],
      "remote_cluster": [],
      "indices": [],
      "applications": [
        {
          "application": "kibana-.kibana",
          "privileges": [
            "reserved_ml_admin"
          ],
          "resources": [
            "*"
          ]
        }
      ],
      "run_as": [],
      "metadata": {},
      "transient_metadata": {
        "enabled": true
      }
    },
    "malformed-space-privileges-global-role": {
      "cluster": [],
      "remote_cluster": [],
      "indices": [],
      "applications": [
        {
          "application": "kibana-.kibana",
          "privileges": [
            "space_read"
          ],
          "resources": [
            "*"
          ]
        }
      ],
      "run_as": [],
      "metadata": {},
      "transient_metadata": {
        "enabled": true
      }
    },
    "malformed-global-privileges-space-role": {
      "cluster": [],
      "remote_cluster": [],
      "indices": [],
      "applications": [
        {
          "application": "kibana-.kibana",
          "privileges": [
            "all"
          ],
          "resources": [
            "space:default"
          ]
        }
      ],
      "run_as": [],
      "metadata": {},
      "transient_metadata": {
        "enabled": true
      }
    },
    "malformed-base-feature-privileges-mixed-role": {
      "cluster": [],
      "remote_cluster": [],
      "indices": [],
      "applications": [
        {
          "application": "kibana-.kibana",
          "privileges": [
            "all",
            "feature_dashboard.read"
          ],
          "resources": [
            "*"
          ]
        }
      ],
      "run_as": [],
      "metadata": {},
      "transient_metadata": {
        "enabled": true
      }
    },
    "malformed-invalid-resource-format-role": {
      "cluster": [],
      "remote_cluster": [],
      "indices": [],
      "applications": [
        {
          "application": "kibana-.kibana",
          "privileges": [
            "feature_dashboard.read"
          ],
          "resources": [
            "invalid:resource:format"
          ]
        }
      ],
      "run_as": [],
      "metadata": {},
      "transient_metadata": {
        "enabled": true
      }
    },
    "malformed-duplicated-resources-role": {
      "cluster": [],
      "remote_cluster": [],
      "indices": [],
      "applications": [
        {
          "application": "kibana-.kibana",
          "privileges": [
            "feature_dashboard.read"
          ],
          "resources": [
            "space:default",
            "space:default"
          ]
        }
      ],
      "run_as": [],
      "metadata": {},
      "transient_metadata": {
        "enabled": true
      }
    },
    "malformed-reserved-privileges-mixed-role": {
      "cluster": [],
      "remote_cluster": [],
      "indices": [],
      "applications": [
        {
          "application": "kibana-.kibana",
          "privileges": [
            "reserved_ml_admin",
            "feature_dashboard.read"
          ],
          "resources": [
            "*"
          ]
        }
      ],
      "run_as": [],
      "metadata": {},
      "transient_metadata": {
        "enabled": true
      }
    }
  }
}
  1. Go to Stack Management -> Roles -> [MALFORMED_ROLE] and check the displayed error messages.

The code block for kibana applications has been added underneath the message as well.
Screenshot 2025-10-15 at 14 59 58

Error Reason Client Message
RESERVED_PRIVILEGES_WRONG_APP Screenshot 2025-10-15 at 12 39 04
GLOBAL_PRIVILEGES_SPACE Screenshot 2025-10-15 at 12 43 20
GLOBAL_RESOURCE_MIXED Screenshot 2025-10-15 at 12 38 36
BASE_FEATURE_PRIVILEGES_MIXED Screenshot 2025-10-15 at 12 42 59
INVALID_RESOURCE_FORMAT Screenshot 2025-10-15 at 12 47 05
DUPLICATED_RESOURCES Screenshot 2025-10-15 at 12 48 26
SPACE_PRIVILEGES_GLOBAL Screenshot 2025-10-15 at 12 50 14
RESERVED_PRIVILEGES_MIXED Screenshot 2025-10-15 at 12 53 54
DISABLED_FEATURE_PRIVILEGES Screenshot 2025-10-15 at 12 54 41

Checklist

Closes: #224053

Release Note

Enhanced the error message to include detailed information about why the role is considered malformed.
@elena-shostak elena-shostak added Team:Security Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t// enhancement New value added to drive a business result Feature:Users/Roles/API Keys release_note:enhancement backport:version Backport to applied version labels v9.1.6 v8.18.9 v8.19.6 v9.0.9 labels Oct 15, 2025
@elena-shostak elena-shostak marked this pull request as ready for review October 16, 2025 12:13
@elena-shostak elena-shostak requested a review from a team as a code owner October 16, 2025 12:13
@elasticmachine
Copy link
Contributor

elasticmachine commented Oct 16, 2025

Pinging @elastic/kibana-security (Team:Security)
rgodfrey-elastic
rgodfrey-elastic reviewed Oct 16, 2025
View reviewed changes
Copy link
Contributor

@rgodfrey-elastic rgodfrey-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks really good! I added a couple comments to the code but I'll leave it up to you if you want to make those changes.

I also have a couple general comments/questions:

  1. Are you missing labels for v9.2 and v9.3? I was told to add those to my one and only PR lol
  2. Are there any validations that prevent these bad roles from getting saved in the first place? It's great to display the extra context when there are errors but preventing them from being stored would probably be more valuable.
@elena-shostak
Copy link
Contributor Author

elena-shostak commented Oct 16, 2025
edited
Loading

@rgodfrey-elastic

Are you missing labels for v9.2 and v9.3? I was told to add those to my one and only PR lol

yeah, added for v9.2 and v9.3 is current main, so no need to backport for it. Thanks!

Are there any validations that prevent these bad roles from getting saved in the first place? It's great to display the extra context when there are errors but preventing them from being stored would probably be more valuable.

Validations are performed if you create a role using kibana endpoint, but since they are not present at the es level we can still come up with this malformed issues
rgodfrey-elastic
rgodfrey-elastic approved these changes Oct 16, 2025
View reviewed changes
Copy link
Contributor

@rgodfrey-elastic rgodfrey-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! and thanks for addressing my questions!
@elena-shostak elena-shostak enabled auto-merge (squash) October 16, 2025 15:42
@elena-shostak elena-shostak merged commit 762bed0 into elastic:main Oct 16, 2025
12 checks passed
@kibanamachine
Copy link
Contributor

kibanamachine commented Oct 16, 2025

Starting backport for target branches: 8.18, 8.19, 9.0, 9.1, 9.2

https://github.com/elastic/kibana/actions/runs/18569196664
@elasticmachine
Copy link
Contributor

elasticmachine commented Oct 16, 2025

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #116 / Cloud Security Posture Agentless cloud Hyperlink on PostInstallation Modal should have the correct URL
  • [job] [logs] FTR Configs #31 / Cloud Security Posture POST /internal/cloud_security_posture/graph Happy flows should return a graph with nodes and edges by alert and actor
  • [job] [logs] FTR Configs #127 / Cloud Security Posture Test adding Cloud Security Posture Integrations CNVM CNVM AWS Hyperlink on PostInstallation Modal should have the correct URL
  • [job] [logs] FTR Configs #46 / serverless observability UI Onboarding Onboarding Auto-Detect guides user through data onboarding
  • [job] [logs] FTR Configs #133 / Synthetics API Tests AddProjectMonitors "before all" hook for "project monitors - saves space as data stream namespace"

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
security 549 551 +2

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
@kbn/security-plugin-types-common 68 76 +8

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
security 482.2KB 485.5KB +3.3KB
Unknown metric groups

API count

id before after diff
@kbn/security-plugin-types-common 129 137 +8

History
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Oct 16, 2025
@elena-shostak
[Roles] Added error reasons for role malformed message (elastic#239098)
a6054c1 
## Summary

Added error reasons for role malformed message.

### How to test

<details>
  <summary>1. Create a couple of malformed roles</summary>

  ```
  POST _security/role
  {
    "roles": {
      "malformed-reserved-privileges-wrong-app-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-space-privileges-global-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "space_read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-global-privileges-space-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all"
            ],
            "resources": [
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-base-feature-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-invalid-resource-format-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "invalid:resource:format"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-duplicated-resources-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "space:default",
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-reserved-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      }
    }
  }
  ```
</details>

2. Go to Stack Management -> Roles -> [MALFORMED_ROLE] and check the
displayed error messages.

The code block for kibana applications has been added underneath the
message as well.
<img width="613" height="309" alt="Screenshot 2025-10-15 at 14 59 58"
src="https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be"
/>

| Error Reason  | Client Message |
| ------------- | ------------- |
| `RESERVED_PRIVILEGES_WRONG_APP` | <img width="608" height="225"
alt="Screenshot 2025-10-15 at 12 39 04"
src="https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29"
/> |
| `GLOBAL_PRIVILEGES_SPACE` | <img width="578" height="204"
alt="Screenshot 2025-10-15 at 12 43 20"
src="https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c"
/>|
| `GLOBAL_RESOURCE_MIXED` | <img width="388" height="184"
alt="Screenshot 2025-10-15 at 12 38 36"
src="https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f"
/>|
| `BASE_FEATURE_PRIVILEGES_MIXED ` | <img width="478" height="186"
alt="Screenshot 2025-10-15 at 12 42 59"
src="https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa"
/> |
| `INVALID_RESOURCE_FORMAT ` | <img width="435" height="195"
alt="Screenshot 2025-10-15 at 12 47 05"
src="https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0"
/> |
| `DUPLICATED_RESOURCES ` | <img width="390" height="190"
alt="Screenshot 2025-10-15 at 12 48 26"
src="https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c"
/> |
| `SPACE_PRIVILEGES_GLOBAL` | <img width="398" height="188"
alt="Screenshot 2025-10-15 at 12 50 14"
src="https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8"
/> |
| `RESERVED_PRIVILEGES_MIXED` | <img width="566" height="203"
alt="Screenshot 2025-10-15 at 12 53 54"
src="https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100"
/>|
| `DISABLED_FEATURE_PRIVILEGES` | <img width="382" height="198"
alt="Screenshot 2025-10-15 at 12 54 41"
src="https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc"
/> |

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

__Closes: https://github.com/elastic/kibana/issues/224053__

## Release Note
Enhanced the error message to include detailed information about why the
role is considered malformed.

(cherry picked from commit 762bed0)
@kibanamachine kibanamachine mentioned this pull request Oct 16, 2025
Closed
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Oct 16, 2025
@elena-shostak
[Roles] Added error reasons for role malformed message (elastic#239098)
83b3592 
## Summary

Added error reasons for role malformed message.

### How to test

<details>
  <summary>1. Create a couple of malformed roles</summary>

  ```
  POST _security/role
  {
    "roles": {
      "malformed-reserved-privileges-wrong-app-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-space-privileges-global-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "space_read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-global-privileges-space-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all"
            ],
            "resources": [
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-base-feature-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-invalid-resource-format-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "invalid:resource:format"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-duplicated-resources-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "space:default",
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-reserved-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      }
    }
  }
  ```
</details>

2. Go to Stack Management -> Roles -> [MALFORMED_ROLE] and check the
displayed error messages.

The code block for kibana applications has been added underneath the
message as well.
<img width="613" height="309" alt="Screenshot 2025-10-15 at 14 59 58"
src="https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be"
/>

| Error Reason  | Client Message |
| ------------- | ------------- |
| `RESERVED_PRIVILEGES_WRONG_APP` | <img width="608" height="225"
alt="Screenshot 2025-10-15 at 12 39 04"
src="https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29"
/> |
| `GLOBAL_PRIVILEGES_SPACE` | <img width="578" height="204"
alt="Screenshot 2025-10-15 at 12 43 20"
src="https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c"
/>|
| `GLOBAL_RESOURCE_MIXED` | <img width="388" height="184"
alt="Screenshot 2025-10-15 at 12 38 36"
src="https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f"
/>|
| `BASE_FEATURE_PRIVILEGES_MIXED ` | <img width="478" height="186"
alt="Screenshot 2025-10-15 at 12 42 59"
src="https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa"
/> |
| `INVALID_RESOURCE_FORMAT ` | <img width="435" height="195"
alt="Screenshot 2025-10-15 at 12 47 05"
src="https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0"
/> |
| `DUPLICATED_RESOURCES ` | <img width="390" height="190"
alt="Screenshot 2025-10-15 at 12 48 26"
src="https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c"
/> |
| `SPACE_PRIVILEGES_GLOBAL` | <img width="398" height="188"
alt="Screenshot 2025-10-15 at 12 50 14"
src="https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8"
/> |
| `RESERVED_PRIVILEGES_MIXED` | <img width="566" height="203"
alt="Screenshot 2025-10-15 at 12 53 54"
src="https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100"
/>|
| `DISABLED_FEATURE_PRIVILEGES` | <img width="382" height="198"
alt="Screenshot 2025-10-15 at 12 54 41"
src="https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc"
/> |

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

__Closes: https://github.com/elastic/kibana/issues/224053__

## Release Note
Enhanced the error message to include detailed information about why the
role is considered malformed.

(cherry picked from commit 762bed0)
@kibanamachine kibanamachine mentioned this pull request Oct 16, 2025
Merged
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Oct 16, 2025
@elena-shostak
[Roles] Added error reasons for role malformed message (elastic#239098)
a172b22 
## Summary

Added error reasons for role malformed message.

### How to test

<details>
  <summary>1. Create a couple of malformed roles</summary>

  ```
  POST _security/role
  {
    "roles": {
      "malformed-reserved-privileges-wrong-app-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-space-privileges-global-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "space_read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-global-privileges-space-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all"
            ],
            "resources": [
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-base-feature-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-invalid-resource-format-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "invalid:resource:format"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-duplicated-resources-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "space:default",
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-reserved-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      }
    }
  }
  ```
</details>

2. Go to Stack Management -> Roles -> [MALFORMED_ROLE] and check the
displayed error messages.

The code block for kibana applications has been added underneath the
message as well.
<img width="613" height="309" alt="Screenshot 2025-10-15 at 14 59 58"
src="https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be"
/>

| Error Reason  | Client Message |
| ------------- | ------------- |
| `RESERVED_PRIVILEGES_WRONG_APP` | <img width="608" height="225"
alt="Screenshot 2025-10-15 at 12 39 04"
src="https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29"
/> |
| `GLOBAL_PRIVILEGES_SPACE` | <img width="578" height="204"
alt="Screenshot 2025-10-15 at 12 43 20"
src="https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c"
/>|
| `GLOBAL_RESOURCE_MIXED` | <img width="388" height="184"
alt="Screenshot 2025-10-15 at 12 38 36"
src="https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f"
/>|
| `BASE_FEATURE_PRIVILEGES_MIXED ` | <img width="478" height="186"
alt="Screenshot 2025-10-15 at 12 42 59"
src="https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa"
/> |
| `INVALID_RESOURCE_FORMAT ` | <img width="435" height="195"
alt="Screenshot 2025-10-15 at 12 47 05"
src="https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0"
/> |
| `DUPLICATED_RESOURCES ` | <img width="390" height="190"
alt="Screenshot 2025-10-15 at 12 48 26"
src="https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c"
/> |
| `SPACE_PRIVILEGES_GLOBAL` | <img width="398" height="188"
alt="Screenshot 2025-10-15 at 12 50 14"
src="https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8"
/> |
| `RESERVED_PRIVILEGES_MIXED` | <img width="566" height="203"
alt="Screenshot 2025-10-15 at 12 53 54"
src="https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100"
/>|
| `DISABLED_FEATURE_PRIVILEGES` | <img width="382" height="198"
alt="Screenshot 2025-10-15 at 12 54 41"
src="https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc"
/> |

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

__Closes: https://github.com/elastic/kibana/issues/224053__

## Release Note
Enhanced the error message to include detailed information about why the
role is considered malformed.

(cherry picked from commit 762bed0)
@kibanamachine kibanamachine mentioned this pull request Oct 16, 2025
Closed
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Oct 16, 2025
@elena-shostak
[Roles] Added error reasons for role malformed message (elastic#239098)
d2643b7 
## Summary

Added error reasons for role malformed message.

### How to test

<details>
  <summary>1. Create a couple of malformed roles</summary>

  ```
  POST _security/role
  {
    "roles": {
      "malformed-reserved-privileges-wrong-app-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-space-privileges-global-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "space_read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-global-privileges-space-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all"
            ],
            "resources": [
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-base-feature-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-invalid-resource-format-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "invalid:resource:format"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-duplicated-resources-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "space:default",
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-reserved-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      }
    }
  }
  ```
</details>

2. Go to Stack Management -> Roles -> [MALFORMED_ROLE] and check the
displayed error messages.

The code block for kibana applications has been added underneath the
message as well.
<img width="613" height="309" alt="Screenshot 2025-10-15 at 14 59 58"
src="https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be"
/>

| Error Reason  | Client Message |
| ------------- | ------------- |
| `RESERVED_PRIVILEGES_WRONG_APP` | <img width="608" height="225"
alt="Screenshot 2025-10-15 at 12 39 04"
src="https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29"
/> |
| `GLOBAL_PRIVILEGES_SPACE` | <img width="578" height="204"
alt="Screenshot 2025-10-15 at 12 43 20"
src="https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c"
/>|
| `GLOBAL_RESOURCE_MIXED` | <img width="388" height="184"
alt="Screenshot 2025-10-15 at 12 38 36"
src="https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f"
/>|
| `BASE_FEATURE_PRIVILEGES_MIXED ` | <img width="478" height="186"
alt="Screenshot 2025-10-15 at 12 42 59"
src="https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa"
/> |
| `INVALID_RESOURCE_FORMAT ` | <img width="435" height="195"
alt="Screenshot 2025-10-15 at 12 47 05"
src="https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0"
/> |
| `DUPLICATED_RESOURCES ` | <img width="390" height="190"
alt="Screenshot 2025-10-15 at 12 48 26"
src="https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c"
/> |
| `SPACE_PRIVILEGES_GLOBAL` | <img width="398" height="188"
alt="Screenshot 2025-10-15 at 12 50 14"
src="https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8"
/> |
| `RESERVED_PRIVILEGES_MIXED` | <img width="566" height="203"
alt="Screenshot 2025-10-15 at 12 53 54"
src="https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100"
/>|
| `DISABLED_FEATURE_PRIVILEGES` | <img width="382" height="198"
alt="Screenshot 2025-10-15 at 12 54 41"
src="https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc"
/> |

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

__Closes: https://github.com/elastic/kibana/issues/224053__

## Release Note
Enhanced the error message to include detailed information about why the
role is considered malformed.

(cherry picked from commit 762bed0)
@kibanamachine kibanamachine mentioned this pull request Oct 16, 2025
Merged
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Oct 16, 2025
@elena-shostak
[Roles] Added error reasons for role malformed message (elastic#239098)
c00f959 
## Summary

Added error reasons for role malformed message.

### How to test

<details>
  <summary>1. Create a couple of malformed roles</summary>

  ```
  POST _security/role
  {
    "roles": {
      "malformed-reserved-privileges-wrong-app-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-space-privileges-global-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "space_read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-global-privileges-space-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all"
            ],
            "resources": [
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-base-feature-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-invalid-resource-format-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "invalid:resource:format"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-duplicated-resources-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "space:default",
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-reserved-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      }
    }
  }
  ```
</details>

2. Go to Stack Management -> Roles -> [MALFORMED_ROLE] and check the
displayed error messages.

The code block for kibana applications has been added underneath the
message as well.
<img width="613" height="309" alt="Screenshot 2025-10-15 at 14 59 58"
src="https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be"
/>

| Error Reason  | Client Message |
| ------------- | ------------- |
| `RESERVED_PRIVILEGES_WRONG_APP` | <img width="608" height="225"
alt="Screenshot 2025-10-15 at 12 39 04"
src="https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29"
/> |
| `GLOBAL_PRIVILEGES_SPACE` | <img width="578" height="204"
alt="Screenshot 2025-10-15 at 12 43 20"
src="https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c"
/>|
| `GLOBAL_RESOURCE_MIXED` | <img width="388" height="184"
alt="Screenshot 2025-10-15 at 12 38 36"
src="https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f"
/>|
| `BASE_FEATURE_PRIVILEGES_MIXED ` | <img width="478" height="186"
alt="Screenshot 2025-10-15 at 12 42 59"
src="https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa"
/> |
| `INVALID_RESOURCE_FORMAT ` | <img width="435" height="195"
alt="Screenshot 2025-10-15 at 12 47 05"
src="https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0"
/> |
| `DUPLICATED_RESOURCES ` | <img width="390" height="190"
alt="Screenshot 2025-10-15 at 12 48 26"
src="https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c"
/> |
| `SPACE_PRIVILEGES_GLOBAL` | <img width="398" height="188"
alt="Screenshot 2025-10-15 at 12 50 14"
src="https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8"
/> |
| `RESERVED_PRIVILEGES_MIXED` | <img width="566" height="203"
alt="Screenshot 2025-10-15 at 12 53 54"
src="https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100"
/>|
| `DISABLED_FEATURE_PRIVILEGES` | <img width="382" height="198"
alt="Screenshot 2025-10-15 at 12 54 41"
src="https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc"
/> |

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

__Closes: https://github.com/elastic/kibana/issues/224053__

## Release Note
Enhanced the error message to include detailed information about why the
role is considered malformed.

(cherry picked from commit 762bed0)
@kibanamachine kibanamachine mentioned this pull request Oct 16, 2025
Merged
@kibanamachine
Copy link
Contributor

kibanamachine commented Oct 16, 2025

💚 All backports created successfully

Status Branch Result
8.18
8.19
9.0
9.1
9.2

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation
kibanamachine added a commit that referenced this pull request Oct 16, 2025
@kibanamachine @elena-shostak
[8.19] [Roles] Added error reasons for role malformed message (#239098)…
09ef17e 
… (#239410)

# Backport

This will backport the following commits from `main` to `8.19`:
- [[Roles] Added error reasons for role malformed message
(#239098)](#239098)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Elena
Shostak","email":"165678770+elena-shostak@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-10-16T17:13:28Z","message":"[Roles]
Added error reasons for role malformed message (#239098)\n\n##
Summary\n\nAdded error reasons for role malformed message.\n\n### How to
test\n\n<details>\n <summary>1. Create a couple of malformed
roles</summary>\n \n ```\n POST _security/role\n {\n \"roles\": {\n
\"malformed-reserved-privileges-wrong-app-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\"\n ],\n \"resources\": [\n \"*\"\n ]\n }\n ],\n
\"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\": {\n
\"enabled\": true\n }\n },\n \"malformed-space-privileges-global-role\":
{\n \"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"space_read\"\n ],\n \"resources\": [\n \"*\"\n ]\n
}\n ],\n \"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\":
{\n \"enabled\": true\n }\n },\n
\"malformed-global-privileges-space-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n \"all\"\n
],\n \"resources\": [\n \"space:default\"\n ]\n }\n ],\n \"run_as\":
[],\n \"metadata\": {},\n \"transient_metadata\": {\n \"enabled\":
true\n }\n },\n \"malformed-base-feature-privileges-mixed-role\": {\n
\"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"all\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n },\n
\"malformed-invalid-resource-format-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"invalid:resource:format\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-duplicated-resources-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"space:default\",\n \"space:default\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-reserved-privileges-mixed-role\": {\n \"cluster\":
[],\n \"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n
{\n \"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n }\n }\n }\n
```\n</details>\n\n2. Go to Stack Management -> Roles ->
[MALFORMED_ROLE] and check the\ndisplayed error messages.\n\nThe code
block for kibana applications has been added underneath the\nmessage as
well.\n<img width=\"613\" height=\"309\" alt=\"Screenshot 2025-10-15 at
14 59
58\"\nsrc=\"https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be\"\n/>\n\n\n|
Error Reason | Client Message |\n| ------------- | ------------- |\n|
`RESERVED_PRIVILEGES_WRONG_APP` | <img width=\"608\"
height=\"225\"\nalt=\"Screenshot 2025-10-15 at 12 39
04\"\nsrc=\"https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29\"\n/>
|\n| `GLOBAL_PRIVILEGES_SPACE` | <img width=\"578\"
height=\"204\"\nalt=\"Screenshot 2025-10-15 at 12 43
20\"\nsrc=\"https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c\"\n/>|\n|
`GLOBAL_RESOURCE_MIXED` | <img width=\"388\"
height=\"184\"\nalt=\"Screenshot 2025-10-15 at 12 38
36\"\nsrc=\"https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f\"\n/>|\n|
`BASE_FEATURE_PRIVILEGES_MIXED ` | <img width=\"478\"
height=\"186\"\nalt=\"Screenshot 2025-10-15 at 12 42
59\"\nsrc=\"https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa\"\n/>
|\n| `INVALID_RESOURCE_FORMAT ` | <img width=\"435\"
height=\"195\"\nalt=\"Screenshot 2025-10-15 at 12 47
05\"\nsrc=\"https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0\"\n/>
|\n| `DUPLICATED_RESOURCES ` | <img width=\"390\"
height=\"190\"\nalt=\"Screenshot 2025-10-15 at 12 48
26\"\nsrc=\"https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c\"\n/>
|\n| `SPACE_PRIVILEGES_GLOBAL` | <img width=\"398\"
height=\"188\"\nalt=\"Screenshot 2025-10-15 at 12 50
14\"\nsrc=\"https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8\"\n/>
|\n| `RESERVED_PRIVILEGES_MIXED` | <img width=\"566\"
height=\"203\"\nalt=\"Screenshot 2025-10-15 at 12 53
54\"\nsrc=\"https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100\"\n/>|\n|
`DISABLED_FEATURE_PRIVILEGES` | <img width=\"382\"
height=\"198\"\nalt=\"Screenshot 2025-10-15 at 12 54
41\"\nsrc=\"https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc\"\n/>
|\n\n\n### Checklist\n\n- [x] Any text added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] The PR
description includes the appropriate Release Notes section,\nand the
correct `release_note:*` label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n-
[x] Review the
[backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand
apply applicable `backport:*` labels.\n\n__Closes:
https://github.com/elastic/kibana/issues/224053__\n\n## Release
Note\nEnhanced the error message to include detailed information about
why the\nrole is considered
malformed.","sha":"762bed0ce1e9acb305e51f14b81d167467c7a9ed","branchLabelMapping":{"^v9.3.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","Team:Security","enhancement","Feature:Users/Roles/API
Keys","backport:version","v9.2.0","v9.3.0","v9.1.6","v8.18.9","v8.19.6","v9.0.9"],"title":"[Roles]
Added error reasons for role malformed
message","number":239098,"url":"https://github.com/elastic/kibana/pull/239098","mergeCommit":{"message":"[Roles]
Added error reasons for role malformed message (#239098)\n\n##
Summary\n\nAdded error reasons for role malformed message.\n\n### How to
test\n\n<details>\n <summary>1. Create a couple of malformed
roles</summary>\n \n ```\n POST _security/role\n {\n \"roles\": {\n
\"malformed-reserved-privileges-wrong-app-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\"\n ],\n \"resources\": [\n \"*\"\n ]\n }\n ],\n
\"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\": {\n
\"enabled\": true\n }\n },\n \"malformed-space-privileges-global-role\":
{\n \"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"space_read\"\n ],\n \"resources\": [\n \"*\"\n ]\n
}\n ],\n \"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\":
{\n \"enabled\": true\n }\n },\n
\"malformed-global-privileges-space-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n \"all\"\n
],\n \"resources\": [\n \"space:default\"\n ]\n }\n ],\n \"run_as\":
[],\n \"metadata\": {},\n \"transient_metadata\": {\n \"enabled\":
true\n }\n },\n \"malformed-base-feature-privileges-mixed-role\": {\n
\"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"all\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n },\n
\"malformed-invalid-resource-format-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"invalid:resource:format\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-duplicated-resources-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"space:default\",\n \"space:default\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-reserved-privileges-mixed-role\": {\n \"cluster\":
[],\n \"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n
{\n \"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n }\n }\n }\n
```\n</details>\n\n2. Go to Stack Management -> Roles ->
[MALFORMED_ROLE] and check the\ndisplayed error messages.\n\nThe code
block for kibana applications has been added underneath the\nmessage as
well.\n<img width=\"613\" height=\"309\" alt=\"Screenshot 2025-10-15 at
14 59
58\"\nsrc=\"https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be\"\n/>\n\n\n|
Error Reason | Client Message |\n| ------------- | ------------- |\n|
`RESERVED_PRIVILEGES_WRONG_APP` | <img width=\"608\"
height=\"225\"\nalt=\"Screenshot 2025-10-15 at 12 39
04\"\nsrc=\"https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29\"\n/>
|\n| `GLOBAL_PRIVILEGES_SPACE` | <img width=\"578\"
height=\"204\"\nalt=\"Screenshot 2025-10-15 at 12 43
20\"\nsrc=\"https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c\"\n/>|\n|
`GLOBAL_RESOURCE_MIXED` | <img width=\"388\"
height=\"184\"\nalt=\"Screenshot 2025-10-15 at 12 38
36\"\nsrc=\"https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f\"\n/>|\n|
`BASE_FEATURE_PRIVILEGES_MIXED ` | <img width=\"478\"
height=\"186\"\nalt=\"Screenshot 2025-10-15 at 12 42
59\"\nsrc=\"https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa\"\n/>
|\n| `INVALID_RESOURCE_FORMAT ` | <img width=\"435\"
height=\"195\"\nalt=\"Screenshot 2025-10-15 at 12 47
05\"\nsrc=\"https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0\"\n/>
|\n| `DUPLICATED_RESOURCES ` | <img width=\"390\"
height=\"190\"\nalt=\"Screenshot 2025-10-15 at 12 48
26\"\nsrc=\"https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c\"\n/>
|\n| `SPACE_PRIVILEGES_GLOBAL` | <img width=\"398\"
height=\"188\"\nalt=\"Screenshot 2025-10-15 at 12 50
14\"\nsrc=\"https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8\"\n/>
|\n| `RESERVED_PRIVILEGES_MIXED` | <img width=\"566\"
height=\"203\"\nalt=\"Screenshot 2025-10-15 at 12 53
54\"\nsrc=\"https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100\"\n/>|\n|
`DISABLED_FEATURE_PRIVILEGES` | <img width=\"382\"
height=\"198\"\nalt=\"Screenshot 2025-10-15 at 12 54
41\"\nsrc=\"https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc\"\n/>
|\n\n\n### Checklist\n\n- [x] Any text added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] The PR
description includes the appropriate Release Notes section,\nand the
correct `release_note:*` label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n-
[x] Review the
[backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand
apply applicable `backport:*` labels.\n\n__Closes:
https://github.com/elastic/kibana/issues/224053__\n\n## Release
Note\nEnhanced the error message to include detailed information about
why the\nrole is considered
malformed.","sha":"762bed0ce1e9acb305e51f14b81d167467c7a9ed"}},"sourceBranch":"main","suggestedTargetBranches":["9.2","9.1","8.18","8.19","9.0"],"targetPullRequestStates":[{"branch":"9.2","label":"v9.2.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.3.0","branchLabelMappingKey":"^v9.3.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/239098","number":239098,"mergeCommit":{"message":"[Roles]
Added error reasons for role malformed message (#239098)\n\n##
Summary\n\nAdded error reasons for role malformed message.\n\n### How to
test\n\n<details>\n <summary>1. Create a couple of malformed
roles</summary>\n \n ```\n POST _security/role\n {\n \"roles\": {\n
\"malformed-reserved-privileges-wrong-app-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\"\n ],\n \"resources\": [\n \"*\"\n ]\n }\n ],\n
\"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\": {\n
\"enabled\": true\n }\n },\n \"malformed-space-privileges-global-role\":
{\n \"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"space_read\"\n ],\n \"resources\": [\n \"*\"\n ]\n
}\n ],\n \"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\":
{\n \"enabled\": true\n }\n },\n
\"malformed-global-privileges-space-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n \"all\"\n
],\n \"resources\": [\n \"space:default\"\n ]\n }\n ],\n \"run_as\":
[],\n \"metadata\": {},\n \"transient_metadata\": {\n \"enabled\":
true\n }\n },\n \"malformed-base-feature-privileges-mixed-role\": {\n
\"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"all\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n },\n
\"malformed-invalid-resource-format-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"invalid:resource:format\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-duplicated-resources-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"space:default\",\n \"space:default\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-reserved-privileges-mixed-role\": {\n \"cluster\":
[],\n \"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n
{\n \"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n }\n }\n }\n
```\n</details>\n\n2. Go to Stack Management -> Roles ->
[MALFORMED_ROLE] and check the\ndisplayed error messages.\n\nThe code
block for kibana applications has been added underneath the\nmessage as
well.\n<img width=\"613\" height=\"309\" alt=\"Screenshot 2025-10-15 at
14 59
58\"\nsrc=\"https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be\"\n/>\n\n\n|
Error Reason | Client Message |\n| ------------- | ------------- |\n|
`RESERVED_PRIVILEGES_WRONG_APP` | <img width=\"608\"
height=\"225\"\nalt=\"Screenshot 2025-10-15 at 12 39
04\"\nsrc=\"https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29\"\n/>
|\n| `GLOBAL_PRIVILEGES_SPACE` | <img width=\"578\"
height=\"204\"\nalt=\"Screenshot 2025-10-15 at 12 43
20\"\nsrc=\"https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c\"\n/>|\n|
`GLOBAL_RESOURCE_MIXED` | <img width=\"388\"
height=\"184\"\nalt=\"Screenshot 2025-10-15 at 12 38
36\"\nsrc=\"https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f\"\n/>|\n|
`BASE_FEATURE_PRIVILEGES_MIXED ` | <img width=\"478\"
height=\"186\"\nalt=\"Screenshot 2025-10-15 at 12 42
59\"\nsrc=\"https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa\"\n/>
|\n| `INVALID_RESOURCE_FORMAT ` | <img width=\"435\"
height=\"195\"\nalt=\"Screenshot 2025-10-15 at 12 47
05\"\nsrc=\"https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0\"\n/>
|\n| `DUPLICATED_RESOURCES ` | <img width=\"390\"
height=\"190\"\nalt=\"Screenshot 2025-10-15 at 12 48
26\"\nsrc=\"https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c\"\n/>
|\n| `SPACE_PRIVILEGES_GLOBAL` | <img width=\"398\"
height=\"188\"\nalt=\"Screenshot 2025-10-15 at 12 50
14\"\nsrc=\"https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8\"\n/>
|\n| `RESERVED_PRIVILEGES_MIXED` | <img width=\"566\"
height=\"203\"\nalt=\"Screenshot 2025-10-15 at 12 53
54\"\nsrc=\"https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100\"\n/>|\n|
`DISABLED_FEATURE_PRIVILEGES` | <img width=\"382\"
height=\"198\"\nalt=\"Screenshot 2025-10-15 at 12 54
41\"\nsrc=\"https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc\"\n/>
|\n\n\n### Checklist\n\n- [x] Any text added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] The PR
description includes the appropriate Release Notes section,\nand the
correct `release_note:*` label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n-
[x] Review the
[backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand
apply applicable `backport:*` labels.\n\n__Closes:
https://github.com/elastic/kibana/issues/224053__\n\n## Release
Note\nEnhanced the error message to include detailed information about
why the\nrole is considered
malformed.","sha":"762bed0ce1e9acb305e51f14b81d167467c7a9ed"}},{"branch":"9.1","label":"v9.1.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.9","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.9","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com>
kibanamachine added a commit that referenced this pull request Oct 16, 2025
@kibanamachine @elena-shostak
[9.1] [Roles] Added error reasons for role malformed message (#239098) (
5da955c 
#239412)

# Backport

This will backport the following commits from `main` to `9.1`:
- [[Roles] Added error reasons for role malformed message
(#239098)](#239098)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Elena
Shostak","email":"165678770+elena-shostak@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-10-16T17:13:28Z","message":"[Roles]
Added error reasons for role malformed message (#239098)\n\n##
Summary\n\nAdded error reasons for role malformed message.\n\n### How to
test\n\n<details>\n <summary>1. Create a couple of malformed
roles</summary>\n \n ```\n POST _security/role\n {\n \"roles\": {\n
\"malformed-reserved-privileges-wrong-app-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\"\n ],\n \"resources\": [\n \"*\"\n ]\n }\n ],\n
\"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\": {\n
\"enabled\": true\n }\n },\n \"malformed-space-privileges-global-role\":
{\n \"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"space_read\"\n ],\n \"resources\": [\n \"*\"\n ]\n
}\n ],\n \"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\":
{\n \"enabled\": true\n }\n },\n
\"malformed-global-privileges-space-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n \"all\"\n
],\n \"resources\": [\n \"space:default\"\n ]\n }\n ],\n \"run_as\":
[],\n \"metadata\": {},\n \"transient_metadata\": {\n \"enabled\":
true\n }\n },\n \"malformed-base-feature-privileges-mixed-role\": {\n
\"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"all\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n },\n
\"malformed-invalid-resource-format-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"invalid:resource:format\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-duplicated-resources-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"space:default\",\n \"space:default\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-reserved-privileges-mixed-role\": {\n \"cluster\":
[],\n \"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n
{\n \"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n }\n }\n }\n
```\n</details>\n\n2. Go to Stack Management -> Roles ->
[MALFORMED_ROLE] and check the\ndisplayed error messages.\n\nThe code
block for kibana applications has been added underneath the\nmessage as
well.\n<img width=\"613\" height=\"309\" alt=\"Screenshot 2025-10-15 at
14 59
58\"\nsrc=\"https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be\"\n/>\n\n\n|
Error Reason | Client Message |\n| ------------- | ------------- |\n|
`RESERVED_PRIVILEGES_WRONG_APP` | <img width=\"608\"
height=\"225\"\nalt=\"Screenshot 2025-10-15 at 12 39
04\"\nsrc=\"https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29\"\n/>
|\n| `GLOBAL_PRIVILEGES_SPACE` | <img width=\"578\"
height=\"204\"\nalt=\"Screenshot 2025-10-15 at 12 43
20\"\nsrc=\"https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c\"\n/>|\n|
`GLOBAL_RESOURCE_MIXED` | <img width=\"388\"
height=\"184\"\nalt=\"Screenshot 2025-10-15 at 12 38
36\"\nsrc=\"https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f\"\n/>|\n|
`BASE_FEATURE_PRIVILEGES_MIXED ` | <img width=\"478\"
height=\"186\"\nalt=\"Screenshot 2025-10-15 at 12 42
59\"\nsrc=\"https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa\"\n/>
|\n| `INVALID_RESOURCE_FORMAT ` | <img width=\"435\"
height=\"195\"\nalt=\"Screenshot 2025-10-15 at 12 47
05\"\nsrc=\"https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0\"\n/>
|\n| `DUPLICATED_RESOURCES ` | <img width=\"390\"
height=\"190\"\nalt=\"Screenshot 2025-10-15 at 12 48
26\"\nsrc=\"https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c\"\n/>
|\n| `SPACE_PRIVILEGES_GLOBAL` | <img width=\"398\"
height=\"188\"\nalt=\"Screenshot 2025-10-15 at 12 50
14\"\nsrc=\"https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8\"\n/>
|\n| `RESERVED_PRIVILEGES_MIXED` | <img width=\"566\"
height=\"203\"\nalt=\"Screenshot 2025-10-15 at 12 53
54\"\nsrc=\"https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100\"\n/>|\n|
`DISABLED_FEATURE_PRIVILEGES` | <img width=\"382\"
height=\"198\"\nalt=\"Screenshot 2025-10-15 at 12 54
41\"\nsrc=\"https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc\"\n/>
|\n\n\n### Checklist\n\n- [x] Any text added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] The PR
description includes the appropriate Release Notes section,\nand the
correct `release_note:*` label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n-
[x] Review the
[backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand
apply applicable `backport:*` labels.\n\n__Closes:
https://github.com/elastic/kibana/issues/224053__\n\n## Release
Note\nEnhanced the error message to include detailed information about
why the\nrole is considered
malformed.","sha":"762bed0ce1e9acb305e51f14b81d167467c7a9ed","branchLabelMapping":{"^v9.3.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","Team:Security","enhancement","Feature:Users/Roles/API
Keys","backport:version","v9.2.0","v9.3.0","v9.1.6","v8.18.9","v8.19.6","v9.0.9"],"title":"[Roles]
Added error reasons for role malformed
message","number":239098,"url":"https://github.com/elastic/kibana/pull/239098","mergeCommit":{"message":"[Roles]
Added error reasons for role malformed message (#239098)\n\n##
Summary\n\nAdded error reasons for role malformed message.\n\n### How to
test\n\n<details>\n <summary>1. Create a couple of malformed
roles</summary>\n \n ```\n POST _security/role\n {\n \"roles\": {\n
\"malformed-reserved-privileges-wrong-app-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\"\n ],\n \"resources\": [\n \"*\"\n ]\n }\n ],\n
\"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\": {\n
\"enabled\": true\n }\n },\n \"malformed-space-privileges-global-role\":
{\n \"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"space_read\"\n ],\n \"resources\": [\n \"*\"\n ]\n
}\n ],\n \"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\":
{\n \"enabled\": true\n }\n },\n
\"malformed-global-privileges-space-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n \"all\"\n
],\n \"resources\": [\n \"space:default\"\n ]\n }\n ],\n \"run_as\":
[],\n \"metadata\": {},\n \"transient_metadata\": {\n \"enabled\":
true\n }\n },\n \"malformed-base-feature-privileges-mixed-role\": {\n
\"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"all\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n },\n
\"malformed-invalid-resource-format-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"invalid:resource:format\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-duplicated-resources-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"space:default\",\n \"space:default\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-reserved-privileges-mixed-role\": {\n \"cluster\":
[],\n \"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n
{\n \"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n }\n }\n }\n
```\n</details>\n\n2. Go to Stack Management -> Roles ->
[MALFORMED_ROLE] and check the\ndisplayed error messages.\n\nThe code
block for kibana applications has been added underneath the\nmessage as
well.\n<img width=\"613\" height=\"309\" alt=\"Screenshot 2025-10-15 at
14 59
58\"\nsrc=\"https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be\"\n/>\n\n\n|
Error Reason | Client Message |\n| ------------- | ------------- |\n|
`RESERVED_PRIVILEGES_WRONG_APP` | <img width=\"608\"
height=\"225\"\nalt=\"Screenshot 2025-10-15 at 12 39
04\"\nsrc=\"https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29\"\n/>
|\n| `GLOBAL_PRIVILEGES_SPACE` | <img width=\"578\"
height=\"204\"\nalt=\"Screenshot 2025-10-15 at 12 43
20\"\nsrc=\"https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c\"\n/>|\n|
`GLOBAL_RESOURCE_MIXED` | <img width=\"388\"
height=\"184\"\nalt=\"Screenshot 2025-10-15 at 12 38
36\"\nsrc=\"https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f\"\n/>|\n|
`BASE_FEATURE_PRIVILEGES_MIXED ` | <img width=\"478\"
height=\"186\"\nalt=\"Screenshot 2025-10-15 at 12 42
59\"\nsrc=\"https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa\"\n/>
|\n| `INVALID_RESOURCE_FORMAT ` | <img width=\"435\"
height=\"195\"\nalt=\"Screenshot 2025-10-15 at 12 47
05\"\nsrc=\"https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0\"\n/>
|\n| `DUPLICATED_RESOURCES ` | <img width=\"390\"
height=\"190\"\nalt=\"Screenshot 2025-10-15 at 12 48
26\"\nsrc=\"https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c\"\n/>
|\n| `SPACE_PRIVILEGES_GLOBAL` | <img width=\"398\"
height=\"188\"\nalt=\"Screenshot 2025-10-15 at 12 50
14\"\nsrc=\"https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8\"\n/>
|\n| `RESERVED_PRIVILEGES_MIXED` | <img width=\"566\"
height=\"203\"\nalt=\"Screenshot 2025-10-15 at 12 53
54\"\nsrc=\"https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100\"\n/>|\n|
`DISABLED_FEATURE_PRIVILEGES` | <img width=\"382\"
height=\"198\"\nalt=\"Screenshot 2025-10-15 at 12 54
41\"\nsrc=\"https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc\"\n/>
|\n\n\n### Checklist\n\n- [x] Any text added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] The PR
description includes the appropriate Release Notes section,\nand the
correct `release_note:*` label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n-
[x] Review the
[backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand
apply applicable `backport:*` labels.\n\n__Closes:
https://github.com/elastic/kibana/issues/224053__\n\n## Release
Note\nEnhanced the error message to include detailed information about
why the\nrole is considered
malformed.","sha":"762bed0ce1e9acb305e51f14b81d167467c7a9ed"}},"sourceBranch":"main","suggestedTargetBranches":["9.2","9.1","8.18","8.19","9.0"],"targetPullRequestStates":[{"branch":"9.2","label":"v9.2.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.3.0","branchLabelMappingKey":"^v9.3.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/239098","number":239098,"mergeCommit":{"message":"[Roles]
Added error reasons for role malformed message (#239098)\n\n##
Summary\n\nAdded error reasons for role malformed message.\n\n### How to
test\n\n<details>\n <summary>1. Create a couple of malformed
roles</summary>\n \n ```\n POST _security/role\n {\n \"roles\": {\n
\"malformed-reserved-privileges-wrong-app-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\"\n ],\n \"resources\": [\n \"*\"\n ]\n }\n ],\n
\"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\": {\n
\"enabled\": true\n }\n },\n \"malformed-space-privileges-global-role\":
{\n \"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"space_read\"\n ],\n \"resources\": [\n \"*\"\n ]\n
}\n ],\n \"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\":
{\n \"enabled\": true\n }\n },\n
\"malformed-global-privileges-space-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n \"all\"\n
],\n \"resources\": [\n \"space:default\"\n ]\n }\n ],\n \"run_as\":
[],\n \"metadata\": {},\n \"transient_metadata\": {\n \"enabled\":
true\n }\n },\n \"malformed-base-feature-privileges-mixed-role\": {\n
\"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"all\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n },\n
\"malformed-invalid-resource-format-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"invalid:resource:format\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-duplicated-resources-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"space:default\",\n \"space:default\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-reserved-privileges-mixed-role\": {\n \"cluster\":
[],\n \"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n
{\n \"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n }\n }\n }\n
```\n</details>\n\n2. Go to Stack Management -> Roles ->
[MALFORMED_ROLE] and check the\ndisplayed error messages.\n\nThe code
block for kibana applications has been added underneath the\nmessage as
well.\n<img width=\"613\" height=\"309\" alt=\"Screenshot 2025-10-15 at
14 59
58\"\nsrc=\"https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be\"\n/>\n\n\n|
Error Reason | Client Message |\n| ------------- | ------------- |\n|
`RESERVED_PRIVILEGES_WRONG_APP` | <img width=\"608\"
height=\"225\"\nalt=\"Screenshot 2025-10-15 at 12 39
04\"\nsrc=\"https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29\"\n/>
|\n| `GLOBAL_PRIVILEGES_SPACE` | <img width=\"578\"
height=\"204\"\nalt=\"Screenshot 2025-10-15 at 12 43
20\"\nsrc=\"https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c\"\n/>|\n|
`GLOBAL_RESOURCE_MIXED` | <img width=\"388\"
height=\"184\"\nalt=\"Screenshot 2025-10-15 at 12 38
36\"\nsrc=\"https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f\"\n/>|\n|
`BASE_FEATURE_PRIVILEGES_MIXED ` | <img width=\"478\"
height=\"186\"\nalt=\"Screenshot 2025-10-15 at 12 42
59\"\nsrc=\"https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa\"\n/>
|\n| `INVALID_RESOURCE_FORMAT ` | <img width=\"435\"
height=\"195\"\nalt=\"Screenshot 2025-10-15 at 12 47
05\"\nsrc=\"https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0\"\n/>
|\n| `DUPLICATED_RESOURCES ` | <img width=\"390\"
height=\"190\"\nalt=\"Screenshot 2025-10-15 at 12 48
26\"\nsrc=\"https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c\"\n/>
|\n| `SPACE_PRIVILEGES_GLOBAL` | <img width=\"398\"
height=\"188\"\nalt=\"Screenshot 2025-10-15 at 12 50
14\"\nsrc=\"https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8\"\n/>
|\n| `RESERVED_PRIVILEGES_MIXED` | <img width=\"566\"
height=\"203\"\nalt=\"Screenshot 2025-10-15 at 12 53
54\"\nsrc=\"https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100\"\n/>|\n|
`DISABLED_FEATURE_PRIVILEGES` | <img width=\"382\"
height=\"198\"\nalt=\"Screenshot 2025-10-15 at 12 54
41\"\nsrc=\"https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc\"\n/>
|\n\n\n### Checklist\n\n- [x] Any text added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] The PR
description includes the appropriate Release Notes section,\nand the
correct `release_note:*` label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n-
[x] Review the
[backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand
apply applicable `backport:*` labels.\n\n__Closes:
https://github.com/elastic/kibana/issues/224053__\n\n## Release
Note\nEnhanced the error message to include detailed information about
why the\nrole is considered
malformed.","sha":"762bed0ce1e9acb305e51f14b81d167467c7a9ed"}},{"branch":"9.1","label":"v9.1.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.9","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.9","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com>
kibanamachine added a commit that referenced this pull request Oct 16, 2025
@kibanamachine @elena-shostak
[9.2] [Roles] Added error reasons for role malformed message (#239098) (
1878e8f 
#239413)

# Backport

This will backport the following commits from `main` to `9.2`:
- [[Roles] Added error reasons for role malformed message
(#239098)](#239098)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Elena
Shostak","email":"165678770+elena-shostak@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-10-16T17:13:28Z","message":"[Roles]
Added error reasons for role malformed message (#239098)\n\n##
Summary\n\nAdded error reasons for role malformed message.\n\n### How to
test\n\n<details>\n <summary>1. Create a couple of malformed
roles</summary>\n \n ```\n POST _security/role\n {\n \"roles\": {\n
\"malformed-reserved-privileges-wrong-app-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\"\n ],\n \"resources\": [\n \"*\"\n ]\n }\n ],\n
\"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\": {\n
\"enabled\": true\n }\n },\n \"malformed-space-privileges-global-role\":
{\n \"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"space_read\"\n ],\n \"resources\": [\n \"*\"\n ]\n
}\n ],\n \"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\":
{\n \"enabled\": true\n }\n },\n
\"malformed-global-privileges-space-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n \"all\"\n
],\n \"resources\": [\n \"space:default\"\n ]\n }\n ],\n \"run_as\":
[],\n \"metadata\": {},\n \"transient_metadata\": {\n \"enabled\":
true\n }\n },\n \"malformed-base-feature-privileges-mixed-role\": {\n
\"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"all\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n },\n
\"malformed-invalid-resource-format-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"invalid:resource:format\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-duplicated-resources-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"space:default\",\n \"space:default\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-reserved-privileges-mixed-role\": {\n \"cluster\":
[],\n \"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n
{\n \"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n }\n }\n }\n
```\n</details>\n\n2. Go to Stack Management -> Roles ->
[MALFORMED_ROLE] and check the\ndisplayed error messages.\n\nThe code
block for kibana applications has been added underneath the\nmessage as
well.\n<img width=\"613\" height=\"309\" alt=\"Screenshot 2025-10-15 at
14 59
58\"\nsrc=\"https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be\"\n/>\n\n\n|
Error Reason | Client Message |\n| ------------- | ------------- |\n|
`RESERVED_PRIVILEGES_WRONG_APP` | <img width=\"608\"
height=\"225\"\nalt=\"Screenshot 2025-10-15 at 12 39
04\"\nsrc=\"https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29\"\n/>
|\n| `GLOBAL_PRIVILEGES_SPACE` | <img width=\"578\"
height=\"204\"\nalt=\"Screenshot 2025-10-15 at 12 43
20\"\nsrc=\"https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c\"\n/>|\n|
`GLOBAL_RESOURCE_MIXED` | <img width=\"388\"
height=\"184\"\nalt=\"Screenshot 2025-10-15 at 12 38
36\"\nsrc=\"https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f\"\n/>|\n|
`BASE_FEATURE_PRIVILEGES_MIXED ` | <img width=\"478\"
height=\"186\"\nalt=\"Screenshot 2025-10-15 at 12 42
59\"\nsrc=\"https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa\"\n/>
|\n| `INVALID_RESOURCE_FORMAT ` | <img width=\"435\"
height=\"195\"\nalt=\"Screenshot 2025-10-15 at 12 47
05\"\nsrc=\"https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0\"\n/>
|\n| `DUPLICATED_RESOURCES ` | <img width=\"390\"
height=\"190\"\nalt=\"Screenshot 2025-10-15 at 12 48
26\"\nsrc=\"https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c\"\n/>
|\n| `SPACE_PRIVILEGES_GLOBAL` | <img width=\"398\"
height=\"188\"\nalt=\"Screenshot 2025-10-15 at 12 50
14\"\nsrc=\"https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8\"\n/>
|\n| `RESERVED_PRIVILEGES_MIXED` | <img width=\"566\"
height=\"203\"\nalt=\"Screenshot 2025-10-15 at 12 53
54\"\nsrc=\"https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100\"\n/>|\n|
`DISABLED_FEATURE_PRIVILEGES` | <img width=\"382\"
height=\"198\"\nalt=\"Screenshot 2025-10-15 at 12 54
41\"\nsrc=\"https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc\"\n/>
|\n\n\n### Checklist\n\n- [x] Any text added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] The PR
description includes the appropriate Release Notes section,\nand the
correct `release_note:*` label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n-
[x] Review the
[backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand
apply applicable `backport:*` labels.\n\n__Closes:
https://github.com/elastic/kibana/issues/224053__\n\n## Release
Note\nEnhanced the error message to include detailed information about
why the\nrole is considered
malformed.","sha":"762bed0ce1e9acb305e51f14b81d167467c7a9ed","branchLabelMapping":{"^v9.3.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","Team:Security","enhancement","Feature:Users/Roles/API
Keys","backport:version","v9.2.0","v9.3.0","v9.1.6","v8.18.9","v8.19.6","v9.0.9"],"title":"[Roles]
Added error reasons for role malformed
message","number":239098,"url":"https://github.com/elastic/kibana/pull/239098","mergeCommit":{"message":"[Roles]
Added error reasons for role malformed message (#239098)\n\n##
Summary\n\nAdded error reasons for role malformed message.\n\n### How to
test\n\n<details>\n <summary>1. Create a couple of malformed
roles</summary>\n \n ```\n POST _security/role\n {\n \"roles\": {\n
\"malformed-reserved-privileges-wrong-app-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\"\n ],\n \"resources\": [\n \"*\"\n ]\n }\n ],\n
\"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\": {\n
\"enabled\": true\n }\n },\n \"malformed-space-privileges-global-role\":
{\n \"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"space_read\"\n ],\n \"resources\": [\n \"*\"\n ]\n
}\n ],\n \"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\":
{\n \"enabled\": true\n }\n },\n
\"malformed-global-privileges-space-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n \"all\"\n
],\n \"resources\": [\n \"space:default\"\n ]\n }\n ],\n \"run_as\":
[],\n \"metadata\": {},\n \"transient_metadata\": {\n \"enabled\":
true\n }\n },\n \"malformed-base-feature-privileges-mixed-role\": {\n
\"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"all\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n },\n
\"malformed-invalid-resource-format-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"invalid:resource:format\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-duplicated-resources-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"space:default\",\n \"space:default\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-reserved-privileges-mixed-role\": {\n \"cluster\":
[],\n \"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n
{\n \"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n }\n }\n }\n
```\n</details>\n\n2. Go to Stack Management -> Roles ->
[MALFORMED_ROLE] and check the\ndisplayed error messages.\n\nThe code
block for kibana applications has been added underneath the\nmessage as
well.\n<img width=\"613\" height=\"309\" alt=\"Screenshot 2025-10-15 at
14 59
58\"\nsrc=\"https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be\"\n/>\n\n\n|
Error Reason | Client Message |\n| ------------- | ------------- |\n|
`RESERVED_PRIVILEGES_WRONG_APP` | <img width=\"608\"
height=\"225\"\nalt=\"Screenshot 2025-10-15 at 12 39
04\"\nsrc=\"https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29\"\n/>
|\n| `GLOBAL_PRIVILEGES_SPACE` | <img width=\"578\"
height=\"204\"\nalt=\"Screenshot 2025-10-15 at 12 43
20\"\nsrc=\"https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c\"\n/>|\n|
`GLOBAL_RESOURCE_MIXED` | <img width=\"388\"
height=\"184\"\nalt=\"Screenshot 2025-10-15 at 12 38
36\"\nsrc=\"https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f\"\n/>|\n|
`BASE_FEATURE_PRIVILEGES_MIXED ` | <img width=\"478\"
height=\"186\"\nalt=\"Screenshot 2025-10-15 at 12 42
59\"\nsrc=\"https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa\"\n/>
|\n| `INVALID_RESOURCE_FORMAT ` | <img width=\"435\"
height=\"195\"\nalt=\"Screenshot 2025-10-15 at 12 47
05\"\nsrc=\"https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0\"\n/>
|\n| `DUPLICATED_RESOURCES ` | <img width=\"390\"
height=\"190\"\nalt=\"Screenshot 2025-10-15 at 12 48
26\"\nsrc=\"https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c\"\n/>
|\n| `SPACE_PRIVILEGES_GLOBAL` | <img width=\"398\"
height=\"188\"\nalt=\"Screenshot 2025-10-15 at 12 50
14\"\nsrc=\"https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8\"\n/>
|\n| `RESERVED_PRIVILEGES_MIXED` | <img width=\"566\"
height=\"203\"\nalt=\"Screenshot 2025-10-15 at 12 53
54\"\nsrc=\"https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100\"\n/>|\n|
`DISABLED_FEATURE_PRIVILEGES` | <img width=\"382\"
height=\"198\"\nalt=\"Screenshot 2025-10-15 at 12 54
41\"\nsrc=\"https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc\"\n/>
|\n\n\n### Checklist\n\n- [x] Any text added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] The PR
description includes the appropriate Release Notes section,\nand the
correct `release_note:*` label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n-
[x] Review the
[backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand
apply applicable `backport:*` labels.\n\n__Closes:
https://github.com/elastic/kibana/issues/224053__\n\n## Release
Note\nEnhanced the error message to include detailed information about
why the\nrole is considered
malformed.","sha":"762bed0ce1e9acb305e51f14b81d167467c7a9ed"}},"sourceBranch":"main","suggestedTargetBranches":["9.2","9.1","8.18","8.19","9.0"],"targetPullRequestStates":[{"branch":"9.2","label":"v9.2.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.3.0","branchLabelMappingKey":"^v9.3.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/239098","number":239098,"mergeCommit":{"message":"[Roles]
Added error reasons for role malformed message (#239098)\n\n##
Summary\n\nAdded error reasons for role malformed message.\n\n### How to
test\n\n<details>\n <summary>1. Create a couple of malformed
roles</summary>\n \n ```\n POST _security/role\n {\n \"roles\": {\n
\"malformed-reserved-privileges-wrong-app-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\"\n ],\n \"resources\": [\n \"*\"\n ]\n }\n ],\n
\"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\": {\n
\"enabled\": true\n }\n },\n \"malformed-space-privileges-global-role\":
{\n \"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"space_read\"\n ],\n \"resources\": [\n \"*\"\n ]\n
}\n ],\n \"run_as\": [],\n \"metadata\": {},\n \"transient_metadata\":
{\n \"enabled\": true\n }\n },\n
\"malformed-global-privileges-space-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n \"all\"\n
],\n \"resources\": [\n \"space:default\"\n ]\n }\n ],\n \"run_as\":
[],\n \"metadata\": {},\n \"transient_metadata\": {\n \"enabled\":
true\n }\n },\n \"malformed-base-feature-privileges-mixed-role\": {\n
\"cluster\": [],\n \"remote_cluster\": [],\n \"indices\": [],\n
\"applications\": [\n {\n \"application\": \"kibana-.kibana\",\n
\"privileges\": [\n \"all\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n },\n
\"malformed-invalid-resource-format-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"invalid:resource:format\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-duplicated-resources-role\": {\n \"cluster\": [],\n
\"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n {\n
\"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"feature_dashboard.read\"\n ],\n \"resources\": [\n
\"space:default\",\n \"space:default\"\n ]\n }\n ],\n \"run_as\": [],\n
\"metadata\": {},\n \"transient_metadata\": {\n \"enabled\": true\n }\n
},\n \"malformed-reserved-privileges-mixed-role\": {\n \"cluster\":
[],\n \"remote_cluster\": [],\n \"indices\": [],\n \"applications\": [\n
{\n \"application\": \"kibana-.kibana\",\n \"privileges\": [\n
\"reserved_ml_admin\",\n \"feature_dashboard.read\"\n ],\n
\"resources\": [\n \"*\"\n ]\n }\n ],\n \"run_as\": [],\n \"metadata\":
{},\n \"transient_metadata\": {\n \"enabled\": true\n }\n }\n }\n }\n
```\n</details>\n\n2. Go to Stack Management -> Roles ->
[MALFORMED_ROLE] and check the\ndisplayed error messages.\n\nThe code
block for kibana applications has been added underneath the\nmessage as
well.\n<img width=\"613\" height=\"309\" alt=\"Screenshot 2025-10-15 at
14 59
58\"\nsrc=\"https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be\"\n/>\n\n\n|
Error Reason | Client Message |\n| ------------- | ------------- |\n|
`RESERVED_PRIVILEGES_WRONG_APP` | <img width=\"608\"
height=\"225\"\nalt=\"Screenshot 2025-10-15 at 12 39
04\"\nsrc=\"https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29\"\n/>
|\n| `GLOBAL_PRIVILEGES_SPACE` | <img width=\"578\"
height=\"204\"\nalt=\"Screenshot 2025-10-15 at 12 43
20\"\nsrc=\"https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c\"\n/>|\n|
`GLOBAL_RESOURCE_MIXED` | <img width=\"388\"
height=\"184\"\nalt=\"Screenshot 2025-10-15 at 12 38
36\"\nsrc=\"https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f\"\n/>|\n|
`BASE_FEATURE_PRIVILEGES_MIXED ` | <img width=\"478\"
height=\"186\"\nalt=\"Screenshot 2025-10-15 at 12 42
59\"\nsrc=\"https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa\"\n/>
|\n| `INVALID_RESOURCE_FORMAT ` | <img width=\"435\"
height=\"195\"\nalt=\"Screenshot 2025-10-15 at 12 47
05\"\nsrc=\"https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0\"\n/>
|\n| `DUPLICATED_RESOURCES ` | <img width=\"390\"
height=\"190\"\nalt=\"Screenshot 2025-10-15 at 12 48
26\"\nsrc=\"https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c\"\n/>
|\n| `SPACE_PRIVILEGES_GLOBAL` | <img width=\"398\"
height=\"188\"\nalt=\"Screenshot 2025-10-15 at 12 50
14\"\nsrc=\"https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8\"\n/>
|\n| `RESERVED_PRIVILEGES_MIXED` | <img width=\"566\"
height=\"203\"\nalt=\"Screenshot 2025-10-15 at 12 53
54\"\nsrc=\"https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100\"\n/>|\n|
`DISABLED_FEATURE_PRIVILEGES` | <img width=\"382\"
height=\"198\"\nalt=\"Screenshot 2025-10-15 at 12 54
41\"\nsrc=\"https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc\"\n/>
|\n\n\n### Checklist\n\n- [x] Any text added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] The PR
description includes the appropriate Release Notes section,\nand the
correct `release_note:*` label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n-
[x] Review the
[backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand
apply applicable `backport:*` labels.\n\n__Closes:
https://github.com/elastic/kibana/issues/224053__\n\n## Release
Note\nEnhanced the error message to include detailed information about
why the\nrole is considered
malformed.","sha":"762bed0ce1e9acb305e51f14b81d167467c7a9ed"}},{"branch":"9.1","label":"v9.1.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.9","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.9","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com>
nickpeihl pushed a commit to nickpeihl/kibana that referenced this pull request Oct 23, 2025
@elena-shostak @nickpeihl
[Roles] Added error reasons for role malformed message (elastic#239098)
6a9c73e 
## Summary

Added error reasons for role malformed message.

### How to test

<details>
  <summary>1. Create a couple of malformed roles</summary>
  
  ```
  POST _security/role
  {
    "roles": {
      "malformed-reserved-privileges-wrong-app-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-space-privileges-global-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "space_read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-global-privileges-space-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all"
            ],
            "resources": [
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-base-feature-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-invalid-resource-format-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "invalid:resource:format"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-duplicated-resources-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "space:default",
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-reserved-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      }
    }
  }
  ```
</details>

2. Go to Stack Management -> Roles -> [MALFORMED_ROLE] and check the
displayed error messages.

The code block for kibana applications has been added underneath the
message as well.
<img width="613" height="309" alt="Screenshot 2025-10-15 at 14 59 58"
src="https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be"
/>


| Error Reason  | Client Message |
| ------------- | ------------- |
| `RESERVED_PRIVILEGES_WRONG_APP` | <img width="608" height="225"
alt="Screenshot 2025-10-15 at 12 39 04"
src="https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29"
/> |
| `GLOBAL_PRIVILEGES_SPACE` | <img width="578" height="204"
alt="Screenshot 2025-10-15 at 12 43 20"
src="https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c"
/>|
| `GLOBAL_RESOURCE_MIXED` | <img width="388" height="184"
alt="Screenshot 2025-10-15 at 12 38 36"
src="https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f"
/>|
| `BASE_FEATURE_PRIVILEGES_MIXED ` | <img width="478" height="186"
alt="Screenshot 2025-10-15 at 12 42 59"
src="https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa"
/> |
| `INVALID_RESOURCE_FORMAT ` | <img width="435" height="195"
alt="Screenshot 2025-10-15 at 12 47 05"
src="https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0"
/> |
| `DUPLICATED_RESOURCES ` | <img width="390" height="190"
alt="Screenshot 2025-10-15 at 12 48 26"
src="https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c"
/> |
| `SPACE_PRIVILEGES_GLOBAL` | <img width="398" height="188"
alt="Screenshot 2025-10-15 at 12 50 14"
src="https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8"
/> |
| `RESERVED_PRIVILEGES_MIXED` | <img width="566" height="203"
alt="Screenshot 2025-10-15 at 12 53 54"
src="https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100"
/>|
| `DISABLED_FEATURE_PRIVILEGES` | <img width="382" height="198"
alt="Screenshot 2025-10-15 at 12 54 41"
src="https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc"
/> |


### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

__Closes: https://github.com/elastic/kibana/issues/224053__

## Release Note
Enhanced the error message to include detailed information about why the
role is considered malformed.
NicholasPeretti pushed a commit to NicholasPeretti/kibana that referenced this pull request Oct 27, 2025
@elena-shostak @NicholasPeretti
[Roles] Added error reasons for role malformed message (elastic#239098)
babc982 
## Summary

Added error reasons for role malformed message.

### How to test

<details>
  <summary>1. Create a couple of malformed roles</summary>
  
  ```
  POST _security/role
  {
    "roles": {
      "malformed-reserved-privileges-wrong-app-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-space-privileges-global-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "space_read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-global-privileges-space-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all"
            ],
            "resources": [
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-base-feature-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-invalid-resource-format-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "invalid:resource:format"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-duplicated-resources-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "space:default",
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-reserved-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      }
    }
  }
  ```
</details>

2. Go to Stack Management -> Roles -> [MALFORMED_ROLE] and check the
displayed error messages.

The code block for kibana applications has been added underneath the
message as well.
<img width="613" height="309" alt="Screenshot 2025-10-15 at 14 59 58"
src="https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be"
/>


| Error Reason  | Client Message |
| ------------- | ------------- |
| `RESERVED_PRIVILEGES_WRONG_APP` | <img width="608" height="225"
alt="Screenshot 2025-10-15 at 12 39 04"
src="https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29"
/> |
| `GLOBAL_PRIVILEGES_SPACE` | <img width="578" height="204"
alt="Screenshot 2025-10-15 at 12 43 20"
src="https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c"
/>|
| `GLOBAL_RESOURCE_MIXED` | <img width="388" height="184"
alt="Screenshot 2025-10-15 at 12 38 36"
src="https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f"
/>|
| `BASE_FEATURE_PRIVILEGES_MIXED ` | <img width="478" height="186"
alt="Screenshot 2025-10-15 at 12 42 59"
src="https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa"
/> |
| `INVALID_RESOURCE_FORMAT ` | <img width="435" height="195"
alt="Screenshot 2025-10-15 at 12 47 05"
src="https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0"
/> |
| `DUPLICATED_RESOURCES ` | <img width="390" height="190"
alt="Screenshot 2025-10-15 at 12 48 26"
src="https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c"
/> |
| `SPACE_PRIVILEGES_GLOBAL` | <img width="398" height="188"
alt="Screenshot 2025-10-15 at 12 50 14"
src="https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8"
/> |
| `RESERVED_PRIVILEGES_MIXED` | <img width="566" height="203"
alt="Screenshot 2025-10-15 at 12 53 54"
src="https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100"
/>|
| `DISABLED_FEATURE_PRIVILEGES` | <img width="382" height="198"
alt="Screenshot 2025-10-15 at 12 54 41"
src="https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc"
/> |


### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

__Closes: https://github.com/elastic/kibana/issues/224053__

## Release Note
Enhanced the error message to include detailed information about why the
role is considered malformed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backport:version Backport to applied version labels enhancement New value added to drive a business result Feature:Users/Roles/API Keys release_note:enhancement Team:Security Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t// v8.19.6 v9.1.6 v9.2.0 v9.3.0

4 participants

@elena-shostak @elasticmachine @kibanamachine @rgodfrey-elastic