[9.2] Check for integrations permissions before loading component (#239122) (#239186)

# Backport

This will backport the following commits from `main` to `9.2`:
- [Check for integrations permissions before loading component
(#239122)](#239122)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Charlotte Alexandra
Wilson","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-10-15T16:05:03Z","message":"Check
for integrations permissions before loading component (#239122)\n\n###
Summary\nThis PR introduces a check for fleet read permissions before
loading in\nthe integrations data source component. If the permissions
are not\navailable, a warning is shown.\n\nThis solves the bug:
https://github.com/elastic/kibana/issues/238852\n\nAlso removes text for
customising roles and groups for privileged users\n- as this has not
been implemented yet. (screenshot at bottom)\n\n**New, Expected
outcome:** \n<img width=\"2758\" height=\"1778\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/6624a885-240c-417c-b9f3-d2b0f317249c\"\n/>\n\n####
Testing Steps \n1. Login to Kibana\n2. From stack management create a
user with fleet and integrations\npermissions set to none (screenshot
below).\n- I find its easiest to copy all settings from superuser and
edit just\nthe two above.\n3. Login with that user. \n4. Navigate to
Security -> Entity Analytics -> Privileged user\nmonitoring.\n3. Click
on Manage Data Sources\n4. Observer above warning should now show
instead of generic - unable to\nload page. Both CSV and Index sources
should also be visible and usable.\n\n\n**Customise Groups and Roles
Text Removal** \n<img width=\"2650\" height=\"1608\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/476feca4-c813-400d-810a-e80b8a17bd84\"\n/>\n\n---------\n\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"19b3641152cf8d1fd45791d120bb78c2a930843e","branchLabelMapping":{"^v9.3.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:
SecuritySolution","Theme: entity_analytics","Feature:Entity
Analytics","Team:Entity
Analytics","backport:version","v9.2.0","v9.3.0"],"title":"Check for
integrations permissions before loading
component","number":239122,"url":"https://github.com/elastic/kibana/pull/239122","mergeCommit":{"message":"Check
for integrations permissions before loading component (#239122)\n\n###
Summary\nThis PR introduces a check for fleet read permissions before
loading in\nthe integrations data source component. If the permissions
are not\navailable, a warning is shown.\n\nThis solves the bug:
https://github.com/elastic/kibana/issues/238852\n\nAlso removes text for
customising roles and groups for privileged users\n- as this has not
been implemented yet. (screenshot at bottom)\n\n**New, Expected
outcome:** \n<img width=\"2758\" height=\"1778\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/6624a885-240c-417c-b9f3-d2b0f317249c\"\n/>\n\n####
Testing Steps \n1. Login to Kibana\n2. From stack management create a
user with fleet and integrations\npermissions set to none (screenshot
below).\n- I find its easiest to copy all settings from superuser and
edit just\nthe two above.\n3. Login with that user. \n4. Navigate to
Security -> Entity Analytics -> Privileged user\nmonitoring.\n3. Click
on Manage Data Sources\n4. Observer above warning should now show
instead of generic - unable to\nload page. Both CSV and Index sources
should also be visible and usable.\n\n\n**Customise Groups and Roles
Text Removal** \n<img width=\"2650\" height=\"1608\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/476feca4-c813-400d-810a-e80b8a17bd84\"\n/>\n\n---------\n\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"19b3641152cf8d1fd45791d120bb78c2a930843e"}},"sourceBranch":"main","suggestedTargetBranches":["9.2"],"targetPullRequestStates":[{"branch":"9.2","label":"v9.2.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.3.0","branchLabelMappingKey":"^v9.3.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/239122","number":239122,"mergeCommit":{"message":"Check
for integrations permissions before loading component (#239122)\n\n###
Summary\nThis PR introduces a check for fleet read permissions before
loading in\nthe integrations data source component. If the permissions
are not\navailable, a warning is shown.\n\nThis solves the bug:
https://github.com/elastic/kibana/issues/238852\n\nAlso removes text for
customising roles and groups for privileged users\n- as this has not
been implemented yet. (screenshot at bottom)\n\n**New, Expected
outcome:** \n<img width=\"2758\" height=\"1778\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/6624a885-240c-417c-b9f3-d2b0f317249c\"\n/>\n\n####
Testing Steps \n1. Login to Kibana\n2. From stack management create a
user with fleet and integrations\npermissions set to none (screenshot
below).\n- I find its easiest to copy all settings from superuser and
edit just\nthe two above.\n3. Login with that user. \n4. Navigate to
Security -> Entity Analytics -> Privileged user\nmonitoring.\n3. Click
on Manage Data Sources\n4. Observer above warning should now show
instead of generic - unable to\nload page. Both CSV and Index sources
should also be visible and usable.\n\n\n**Customise Groups and Roles
Text Removal** \n<img width=\"2650\" height=\"1608\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/476feca4-c813-400d-810a-e80b8a17bd84\"\n/>\n\n---------\n\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"19b3641152cf8d1fd45791d120bb78c2a930843e"}}]}]
BACKPORT-->

Co-authored-by: Charlotte Alexandra Wilson <[email protected]>

Author: kibanamachine

x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_manage_data_sources/index.tsx

@@ -9,6 +9,7 @@ import { EuiCallOut, EuiButtonEmpty, EuiSpacer } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 import React, { useState } from 'react';
+import { useKibana } from '@kbn/kibana-react-plugin/public';
 import { CsvUploadManageDataSource } from './csv_upload_manage_data_source';
 import { HeaderPage } from '../../../common/components/header_page';
 import { useSpaceId } from '../../../common/hooks/use_space_id';
@@ -28,6 +29,9 @@ export const PrivilegedUserMonitoringManageDataSources = ({
   const spaceId = useSpaceId();
   const [addDataSourceResult, setAddDataSourceResult] = useState<AddDataSourceResult | undefined>();
 
+  const { application } = useKibana().services;
+  const fleetRead = application?.capabilities?.fleetv2?.read ?? false;
+
   return (
     <>
       <EuiButtonEmpty
@@ -84,7 +88,18 @@ export const PrivilegedUserMonitoringManageDataSources = ({
         </>
       )}
 
-      <IntegrationsManageDataSource />
+      {!fleetRead && (
+        <EuiCallOut
+          title={
+            <FormattedMessage
+              id="xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.manageDataSources.integrations.noAccessMessage"
+              defaultMessage="Insufficient privileges to view or manage integrations data source. Please contact your administrator."
+            />
+          }
+          color="warning"
+        />
+      )}
+      {fleetRead && <IntegrationsManageDataSource />}
       <EuiSpacer size="xxl" />
       <IndexImportManageDataSource setAddDataSourceResult={setAddDataSourceResult} />
       <EuiSpacer size="xxl" />

x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_manage_data_sources/integrations_manage_data_source.tsx

@@ -29,7 +29,7 @@ export const IntegrationsManageDataSource = () => {
         <p>
           <FormattedMessage
             id="xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.manageDataSources.integrations.infoText"
-            defaultMessage="By default, all users with admin roles or groups are considered privileged. You can customize which roles or groups are monitored as privileged."
+            defaultMessage="By default, all users with admin roles or groups are considered privileged."
           />
         </p>
       </EuiText>