[AI4DSOC] Disable Visualize, Lens and Maps for Search AI Lake Tier (elastic#218089)

Author: tomsonpl

config/serverless.chat.yml

@@ -9,6 +9,12 @@ xpack.serverless.chat.enabled: true
 ## Cloud settings
 xpack.cloud.serverless.project_type: search
 
+## Fine-tune the search solution feature privileges. Also, refer to `serverless.yml` for the project-agnostic overrides.
+xpack.features.overrides:
+  ### Not sure if CHAT solution uses dashboard or maps
+  ### Maps feature is hidden in Role management since it's automatically granted by Dashboard feature.
+  maps_v2.hidden: true
+
 ## Set the home route
 uiSettings.overrides.defaultRoute: /app/workchat
 
@@ -23,4 +29,4 @@ xpack.wciExternalServer.enabled: true
 xpack.spaces.maxSpaces: 1
 
 ## Content Connectors in stack management
-xpack.contentConnectors.enabled: false
+xpack.contentConnectors.enabled: false

config/serverless.es.yml

@@ -50,6 +50,8 @@ xpack.features.overrides:
   dev_tools.category: "enterpriseSearch"
   ### Discover feature is moved from Analytics category to the Search one.
   discover_v2.category: "enterpriseSearch"
+  ### Maps feature is hidden in Role management since it's automatically granted by Dashboard feature.
+  maps_v2.hidden: true
   ### Machine Learning feature is moved from Analytics category to the Management one.
   ml.category: "management"
   ### Stack Alerts feature is moved from Analytics category to the Search one renamed to simply `Alerts`.

config/serverless.oblt.yml

@@ -84,6 +84,8 @@ xpack.features.overrides:
           privileges: [ "read" ]
   ### Logs feature is hidden in Role management since it's automatically granted by either Infrastructure, or Applications features.
   logs.hidden: true
+  ### Maps feature is hidden in Role management since it's automatically granted by Dashboard feature.
+  maps_v2.hidden: true
   ### Machine Learning feature should be moved from Analytics category to the Observability one and renamed to `AI Ops`.
   ml:
     category: "observability"

config/serverless.security.complete.yml

@@ -1 +1,4 @@
 # Security Complete tier config
+xpack.features.overrides:
+  ### The following features are hidden in Role management since they're automatically granted by SIEM feature.
+  maps_v2.hidden: true

config/serverless.security.essentials.yml

@@ -1,2 +1,4 @@
 # Security Essentials tier config
-
+xpack.features.overrides:
+  ### The following features are hidden in Role management since they're automatically granted by SIEM feature.
+  maps_v2.hidden: true

config/serverless.security.search_ai_lake.yml

@@ -1,9 +1,14 @@
 # Security Search AI Lake tier config
 
-## Disable plugins
+## Disable xpack plugins
 xpack.osquery.enabled: false
+xpack.maps.enabled: false
 xpack.ml.ad.enabled: false
 xpack.ml.dfa.enabled: false
+xpack.lens.enabled: false
+
+### Disable shared plugins
+visualizations.enabled: false
 
 ## Disable plugin features
 xpack.alerting.maintenanceWindow.enabled: false
@@ -18,6 +23,51 @@ xpack.features.overrides:
   siemV2.description: null
   securitySolutionSiemMigrations.hidden: true
 
+  ## Fine-tune the security solution essentials feature privileges. These feature privilege overrides are set individually for each project type. Also, refer to `serverless.yml` for the project-agnostic overrides.
+  dashboard:
+    privileges:
+      ## We do not need to compose dashboard from maps and visualizations because these functionalities are disabled in this tier
+      ## Setting to empty array so the values from serverless.yml or serverless.security.yml are overwritten
+      all.composedOf: []
+      read.composedOf: []
+  dashboard_v2:
+    privileges:
+      ## Setting to empty array so the values from serverless.yml or serverless.security.yml are overwritten
+      ## We do not need to compose dashboard from maps and visualizations because these functionalities are disabled in this tier
+      all.composedOf: []
+      read.composedOf: []
+  siemV2:
+    privileges:
+      all.composedOf:
+        ## Limited values so the fields from serverless.yml or serverless.security.yml are overwritten
+        ## We do not need to compose siemV2 from maps and visualizations because these functionalities are disabled in this tier
+        - feature: "discover_v2"
+          privileges: [ "all" ]
+        - feature: "dashboard_v2"
+          privileges: [ "all" ]
+      read.composedOf:
+        - feature: "discover_v2"
+          privileges: [ "read" ]
+        - feature: "dashboard_v2"
+          privileges: [ "read" ]
+  siem:
+    privileges:
+      all.composedOf:
+        ## Limited values so the fields from serverless.yml or serverless.security.yml are overwritten
+        ## We do not need to compose siemV2 from maps and visualizations because these functionalities are disabled in this tier
+        - feature: "discover_v2"
+          privileges: [ "all" ]
+        - feature: "dashboard_v2"
+          privileges: [ "all" ]
+        - feature: "savedQueryManagement"
+          privileges: [ "all" ]
+      read.composedOf:
+        - feature: "discover_v2"
+          privileges: [ "read" ]
+        - feature: "dashboard_v2"
+          privileges: [ "read" ]
+        - feature: "savedQueryManagement"
+          privileges: [ "read" ]
 # Custom integrations/fleet settings
 xpack.fleet.agentless.isDefault: true
 xpack.fleet.integrationsHomeOverride: '/app/security/configurations/integrations'

config/serverless.security.yml

@@ -18,8 +18,6 @@ xpack.features.overrides:
   dashboard_v2.hidden: true
   visualize.hidden: true
   visualize_v2.hidden: true
-  maps.hidden: true
-  maps_v2.hidden: true
   ### Machine Learning feature is moved from Analytics category to the Security one as the last item.
   ml:
     category: "security"

config/serverless.yml

@@ -81,8 +81,6 @@ xpack.features.overrides:
         includeIn: "read"
   ### Shared images feature is hidden in Role management since it's not needed.
   filesSharedImage.hidden: true
-  ### Maps feature is hidden in Role management since it's automatically granted by Dashboard feature.
-  maps_v2.hidden: true
   ### Reporting feature is supposed to give access to reporting capabilities across different features.
   reporting:
     privileges:
@@ -267,4 +265,4 @@ xpack.dataUsage.enabled: true
 xpack.dataUsage.enableExperimental: ['dataUsageDisabled']
 
 ## Content Connectors in stack management
-xpack.contentConnectors.enabled: true
+xpack.contentConnectors.enabled: true

src/platform/plugins/private/vis_types/table/server/config.ts

@@ -11,7 +11,6 @@ import { offeringBasedSchema, schema, TypeOf } from '@kbn/config-schema';
 
 export const configSchema = schema.object({
   enabled: schema.boolean({ defaultValue: true }),
-
   readOnly: offeringBasedSchema({
     serverless: schema.boolean({ defaultValue: false }),
   }),

src/platform/plugins/shared/visualizations/public/legacy/embeddable/create_vis_embeddable_from_object.ts

@@ -51,7 +51,7 @@ export const createVisEmbeddableFromObject =
       }
 
       const capabilities = {
-        visualizeSave: Boolean(getCapabilities().visualize_v2.save),
+        visualizeSave: Boolean(getCapabilities().visualize_v2?.save),
         dashboardSave: Boolean(getCapabilities().dashboard_v2?.showWriteControls),
         visualizeOpen: Boolean(getCapabilities().visualize_v2?.show),
       };