[ML] Adds an AI section into Stack Management
#227289
Conversation
|
/ci |
…lection under Kibana section
…ure visibility under GenAI Settings
…t --include-path /api/status --include-path /api/alerting/rule/ --include-path /api/alerting/rules --include-path /api/actions --include-path /api/security/role --include-path /api/spaces --include-path /api/streams --include-path /api/fleet --include-path /api/dashboards --include-path /api/saved_objects/_import --include-path /api/saved_objects/_export --include-path /api/maintenance_window --update'
🔍 Preview links for changed docs |
| onClick={() => navigateToApp('management', { path: 'ai/genAiSettings' })} | ||
| data-test-subj="genAiSettingsButton" | ||
| > | ||
| {i18n.GEN_AI_SETTINGS_BUTTON} |
There was a problem hiding this comment.
Is it possible to add a check on the GenAI settings button in the o11y / security AI Assistant settings page, and only show it if the user has access to content on the new GenAI settings page i.e. All / None on Connectors and / or ability to manage Spaces.
Currently for a user with a custom role (no ability to manage Spaces) and None for connectors, the link redirects to the Stack Management landing page - not ideal, but not a blocker.
Screen.Recording.2025-08-06.at.15.23.32.mov
There was a problem hiding this comment.
Added privilege checks for GenAI Settings button in 39b1bf9
Also improved the GenAI Settings app to require 'All' permissions for Connectors, as having the Manage Connectors button enabled without actually being able to manage them (only view with e.g. Read permission) didn't seem correct.
There was a problem hiding this comment.
Changes in 39b1bf9 work well for users with 'None' for Connectors.
For users with Read on Connectors, I think it could be useful to keep that link so that they can see if they have a Gen AI connector configured. The button text should be 'View connectors' rather than 'Manage connectors' and I'd make a small tweak to the description to say In order to use the AI Assistant you must have a Generative AI connector. Not essential, but I think it would be a nice to have.
...ins/private/observability_ai_assistant_management/public/routes/components/settings_page.tsx
Show resolved
Hide resolved
| <p> | ||
| <FormattedMessage | ||
| id="genAiSettings.aiConnectorDescriptionWithLink" | ||
| defaultMessage={`A large language model (LLM) is required to power the AI Assistant and AI-powered features. By default, Elastic uses its {elasticManagedLlm} connector ({link}) when no custom connectors are available. When available, Elastic uses the last used custom connector.${ |
There was a problem hiding this comment.
Some users don't have access to the Elastic Managed LLM.
The current implementation (in main) checks whether the Elastic Managed LLM is available and adjusts the description accordingly.
See
viduni94
left a comment
There was a problem hiding this comment.
nit:
Should it be Enable or disable AI-powered features in Space settings?
in the Spaces settings sounds a little odd.
nit:
Also for the button, would Go to Space Settings be more appropriate since we are directing the user to the active space settings page and not to the Spaces page? Before this change we were directing the users to the Spaces page, hence why it said Go to Spaces. I know this must have been the case in the design. But i'll leave it up to you.
Everything else looks good to me. Approved!
dmlemeshko
left a comment
There was a problem hiding this comment.
x-pack/platform/test/functional/config.base.ts
x-pack/test/functional/config.base.js
changes LGTM
⏳ Build in-progress
History
cc @rbrtj |
peteharverson
left a comment
There was a problem hiding this comment.
Tested latest changes and LGTM
|
Hi, May I confirm this scenario please? |
Hi! |
angorayc
left a comment
There was a problem hiding this comment.
Thanks for implementing this feature!
|
@rbrtj QQ: Since the default LLM connector selection would happen in the GenAI Settings page, should this be backported to everything |
Resolves: elastic#224922 This PR: * Introduces a new `AI` section in Stack Management * Moves all AI Assistant management pages out of the `Kibana` section into the new `AI` setion. * Introduces the `genAISettings` plugin with a `GenAI Settings` page under the new `AI` section to manage generic configurations like connectors and feature visibility. * ~~AI Assistants settings now depend on the `aiAssistantManagementSelection` setting instead of the availability of individual assistants.~~ * ~~Enabled read mode for Security and Observability/Search assistant settings based on the setting above ^~~ It appears that the Assistant settings cannot directly rely on the `AI Assistant Settings` privilege. There are still ongoing discussions about whether we should remove the `AI Assistant Settings` privilege or take a different approach. With that in mind, I reverted some changes in this PR to just create a new section and move `AI Assistants` under it, along with adding the new `GenAI Settings` page. I left the existing privileges checks as they are, they will be updated once the discussions are resolved. <img width="1477" height="954" alt="image" src="https://github.com/user-attachments/assets/8b50bcbc-28df-42fa-82c5-5a8c262b2c9f" /> ### `AI Assistants` scenarios with different privileges: 1. `Management > AI Assistant Settings` - All/Read `Security Assistant` and `Observability Assistant` - All <img width="1717" height="1363" alt="image" src="https://github.com/user-attachments/assets/dcea9c33-4f2d-4ea4-818e-ba6ffaf1a812" /> 2. `Management > AI Assistant Settings` - All/Read, `Security Assistant` and `Observability Assistant` - none <img width="1716" height="1357" alt="image" src="https://github.com/user-attachments/assets/6b26e954-e201-475b-bee9-4a7ca20bd120" /> 3. `Management > AI Assistant Settings` - None <img width="1719" height="1313" alt="image" src="https://github.com/user-attachments/assets/9c38ecc1-693b-4c3b-8c09-f227ba539202" /> 4. No `Enterprise` license. Currently buggy, will be fixed by elastic#230036 <img width="1718" height="1356" alt="image" src="https://github.com/user-attachments/assets/39e07e33-baa3-4eaf-8fa4-c31895605517" /> TBD: - [ ] Manage Connectors should apply filters, however, the connectors page does not currently save filters in the URL state. - [ ] In solution views, take the user directly to the individual Assistant settings - I've decided to hold off on this until the ongoing privilege discussions are resolved, as the implementation may vary depending on the outcome. --------- Co-authored-by: kibanamachine <[email protected]>
Resolves: elastic#224922 This PR: * Introduces a new `AI` section in Stack Management * Moves all AI Assistant management pages out of the `Kibana` section into the new `AI` setion. * Introduces the `genAISettings` plugin with a `GenAI Settings` page under the new `AI` section to manage generic configurations like connectors and feature visibility. * ~~AI Assistants settings now depend on the `aiAssistantManagementSelection` setting instead of the availability of individual assistants.~~ * ~~Enabled read mode for Security and Observability/Search assistant settings based on the setting above ^~~ It appears that the Assistant settings cannot directly rely on the `AI Assistant Settings` privilege. There are still ongoing discussions about whether we should remove the `AI Assistant Settings` privilege or take a different approach. With that in mind, I reverted some changes in this PR to just create a new section and move `AI Assistants` under it, along with adding the new `GenAI Settings` page. I left the existing privileges checks as they are, they will be updated once the discussions are resolved. <img width="1477" height="954" alt="image" src="https://github.com/user-attachments/assets/8b50bcbc-28df-42fa-82c5-5a8c262b2c9f" /> ### `AI Assistants` scenarios with different privileges: 1. `Management > AI Assistant Settings` - All/Read `Security Assistant` and `Observability Assistant` - All <img width="1717" height="1363" alt="image" src="https://github.com/user-attachments/assets/dcea9c33-4f2d-4ea4-818e-ba6ffaf1a812" /> 2. `Management > AI Assistant Settings` - All/Read, `Security Assistant` and `Observability Assistant` - none <img width="1716" height="1357" alt="image" src="https://github.com/user-attachments/assets/6b26e954-e201-475b-bee9-4a7ca20bd120" /> 3. `Management > AI Assistant Settings` - None <img width="1719" height="1313" alt="image" src="https://github.com/user-attachments/assets/9c38ecc1-693b-4c3b-8c09-f227ba539202" /> 4. No `Enterprise` license. Currently buggy, will be fixed by elastic#230036 <img width="1718" height="1356" alt="image" src="https://github.com/user-attachments/assets/39e07e33-baa3-4eaf-8fa4-c31895605517" /> TBD: - [ ] Manage Connectors should apply filters, however, the connectors page does not currently save filters in the URL state. - [ ] In solution views, take the user directly to the individual Assistant settings - I've decided to hold off on this until the ongoing privilege discussions are resolved, as the implementation may vary depending on the outcome. --------- Co-authored-by: kibanamachine <[email protected]>
Resolves: #224922
This PR:
AIsection in Stack ManagementKibanasection into the newAIsetion.genAISettingsplugin with aGenAI Settingspage under the newAIsection to manage generic configurations like connectors and feature visibility.AI Assistants settings now depend on theaiAssistantManagementSelectionsetting instead of the availability of individual assistants.Enabled read mode for Security and Observability/Search assistant settings based on the setting above ^It appears that the Assistant settings cannot directly rely on the
AI Assistant Settingsprivilege. There are still ongoing discussions about whether we should remove theAI Assistant Settingsprivilege or take a different approach. With that in mind, I reverted some changes in this PR to just create a new section and moveAI Assistantsunder it, along with adding the newGenAI Settingspage. I left the existing privileges checks as they are, they will be updated once the discussions are resolved.AI Assistantsscenarios with different privileges:Management > AI Assistant Settings- All/ReadSecurity AssistantandObservability Assistant- AllManagement > AI Assistant Settings- All/Read,Security AssistantandObservability Assistant- noneManagement > AI Assistant Settings- NoneEnterpriselicense.Currently buggy, will be fixed by [Obs AI Assistant] Remove assistant settings page for basic licenses #230036
TBD: