graylog2-server

Sidecars: Not allowed to view user graylog-sidecar

Open dreng opened this issue 3 months ago • 1 comments

Expected Behavior

The Sidecar page should open for users with role "Sidecar Reader". This is what happened with Graylog 6.x.x.

Current Behavior

After upgrading to Graylog 7, an error page is shown when you try to open the Sidecar page:

The permissions check for the following request failed, while trying to access /system/sidecars. There was an error fetching a resource: Forbidden. Additional information: Not allowed to view user graylog-sidecar

If you remove the role "Sidecar Reader" from the user, a different and expectable error occurs:

The permissions check for the following request failed, while trying to access /system/sidecars. There was an error fetching a resource: Forbidden. Additional information: Not authorized

At least one of the roles "User Inspector" (AND "Sidecar Reader") or "Admin" is required in order to get access to the Sidecar page.

Steps to Reproduce (for bugs)

  1. Upgrade from Graylog 6.x.x to 7 (fresh install not tested)
  2. Log in and make sure that the roles "Sidecar Reader" and/or "Sidecar Manager" are assigned to you
  3. Open System > Sidecars from the menu (or use direct link https://yourdomain.tld/system/sidecars)

Your Environment

  • Graylog Version: 7.0
  • Java Version:
  • OpenSearch Version: 2.15.0
  • MongoDB Version: 8.0
  • Operating System: Debian 12 (bookworm)
  • Browser version:

Checklist

[ ] This issue fix needs to be backported.
[ ] Does this issue have security implications?

dreng, Nov 05 '25 09:11

The call here shouldn't break the page. If the Sidecar user cannot be fetched, we should instead only hide the selected section:

Image

AntonEbel, Dec 05 '25 13:12
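One way to implement the degradation suggested in the comment above, as an added example that is not Graylog's code: the sidecar list stays a hard requirement, while a 403 on the sidecar user lookup only hides the section that depends on it. All names (`HttpError`, `resolvePageState`, `loadSidecarPage`, the two fetch callbacks) are hypothetical, and downgrading only status 403 is an assumption of this example.

```javascript
// Added example; every identifier here is hypothetical, not taken from graylog2-server.
class HttpError extends Error {
  constructor(status, message) {
    super(message);
    this.status = status;
  }
}

// Decide what the page renders from two settled requests (Promise.allSettled shape).
// `sidecars` is required: if the caller may not list sidecars, the page still fails.
// `sidecarUser` is optional: "Forbidden" hides one section instead of the whole page.
function resolvePageState(sidecars, sidecarUser) {
  if (sidecars.status === 'rejected') throw sidecars.reason;

  const state = { sidecars: sidecars.value, sidecarUser: null, showUserSection: false };
  if (sidecarUser.status === 'fulfilled') {
    state.sidecarUser = sidecarUser.value;
    state.showUserSection = true;
    return state;
  }
  const reason = sidecarUser.reason;
  // Assumption: only 403 is downgraded. Outages, 401s and bugs stay visible so that
  // a real failure is not silently rendered as "section hidden".
  if (!(reason instanceof HttpError) || reason.status !== 403) throw reason;
  return state;
}

// Both requests run independently, so a denied optional lookup cannot abort the
// required one. The callbacks stand in for the real API client calls.
async function loadSidecarPage(fetchSidecars, fetchSidecarUser) {
  const [sidecars, sidecarUser] = await Promise.allSettled([
    fetchSidecars(),
    fetchSidecarUser(),
  ]);
  return resolvePageState(sidecars, sidecarUser);
}

// Constructed sample: a "Sidecar Reader" can list sidecars but cannot read the
// graylog-sidecar user (error text as quoted in the issue).
const demo = resolvePageState(
  { status: 'fulfilled', value: [{ node_name: 'web-01' }] },
  { status: 'rejected', reason: new HttpError(403, 'Not allowed to view user graylog-sidecar') },
);
console.log('show user section:', demo.showUserSection);
```

The server-side permission check is unchanged by this: the user record is still withheld from callers without the right to read it, and only the client's reaction to the denial differs.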