[Cloud Security] Add custom column naming support to the UnifiedDataTable component.

[animehart]

Describe the feature:

This is a follow up ticket from comments made on this PR (#183789)
Due to the change we made on the said PR, tables won't have the custom naming by default anymore as the UnifiedDataTable does not support custom column naming.

We should add custom column naming support (Independent from the DataView) to the UnifiedDataTable component.

Definition of Done:

• Create a Custom Column Naming support for the UnifiedDataTable component
• Make sure the FTRs still works

How to Test:
Pre-req: Need Findings data

• Create User with read only permissions
• Login with that User and then navigate to Findings page
• User should be able to see Findings table with no problem

[elasticmachine]

Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security)

[amirbenun]

Trying to verify as part of QA:

1. Creating a new user with "viewer" role
   

2. findings page is stuck on "loading results" state
   

[oren-zohar]

@kfirpeled @animehart @opauloh should we re-open this ticket?

[kfirpeled]

@animehart pay attention this ticket was re-opened after the first QA cycle, can you take a look and estimate what's the issue?

[animehart]

@kfirpeled
So I checked on this issue and it appears that this issue is being caused when users only has 'read' access to Fleet. This is causing the user to receive error 403 (Forbidden) whenever they try to access the findings page as shown below

[kfirpeled]

Thanks @animehart , in that case can you please open another ticket for this?
And you can close this one and we will verify it again on our next QA cycle

[opauloh]

@kfirpeled So I checked on this issue and it appears that this issue is being caused when users only has 'read' access to Fleet. This is causing the user to receive error 403 (Forbidden) whenever they try to access the findings page as shown below

Yes, the problem is caused by this line. @CohenIdo do we really need this checking !(await context.fleet).authz.fleet.all in this API?

Actually, I see we have authz.fleet.* checking across a couple of CSP APIs, but I could not find a documentation with the reason why we started adding this check in the first place. It doesn't look like a common practice for other plugins other than the fleet plugin. I've seen only a couple of use cases where this API is used out of the fleet plugin when there's a need to display agent polices to the users or update agent polices, but the CSP plugin does have an use case where it needs to display or update agent polices without using the fleet API.

cc @kfirpeled

[opauloh]

I added a Tech Debt ticket for us to review authz.fleet.* usage in the CSP plugin.

I also see that this issue happens on 8.14.3 where users with viewer permission can access the CSP Dashboard, but can't see benchmarks or misconfiguration data on the findings page.

[opauloh]

Verified 8.15.0 BC 4

Details on the comment:

#172615 (comment)

[maxcold]

The issue with access roles exist on serverless, new ticket is opened:

• [Bug] Cloud Security features (Misconfigurations, Benchmakrs pages) don't work for users in serverless except org owners and admins #189538

Marking this ticket as verified