[Security solution] Update serverless roles to include Data Views fea… (

#169036)

…ture permissions

## Summary

Align roles with project-controller

(cherry picked from commit 4113d25)

# Conflicts:
#	x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/endpoint_operations_analyst.ts

packages/kbn-es/src/serverless_resources/roles.yml

@@ -387,6 +387,7 @@ soc_manager:
         - feature_actions.all
         - feature_builtInAlerts.all
         - feature_osquery.all
+        - feature_indexPatterns.all # Detections Data Views
       resources: "*"
 
 detections_admin:
@@ -471,6 +472,7 @@ platform_engineer:
         - feature_fleet.all
         - feature_fleetv2.all
         - feature_osquery.all
+        - feature_indexPatterns.all # Detections Data Views
       resources: "*"
 
 endpoint_operations_analyst:

x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/endpoint_operations_analyst.ts

@@ -11,7 +11,39 @@ import { getNoResponseActionsRole } from './without_response_actions_role';
 export const getEndpointOperationsAnalyst: () => Omit<Role, 'name'> = () => {
   const noResponseActionsRole = getNoResponseActionsRole();
   return {
-    ...noResponseActionsRole,
+    elasticsearch: {
+      cluster: [],
+      indices: [
+        {
+          names: [
+            'metrics-endpoint.metadata_current_*',
+            '.fleet-agents*',
+            '.fleet-actions*',
+            'apm-*-transaction*',
+            'traces-apm*',
+            'auditbeat-*',
+            'endgame-*',
+            'filebeat-*',
+            'logs-*',
+            'packetbeat-*',
+            'winlogbeat-*',
+            '.lists*',
+            '.items*',
+          ],
+          privileges: ['read'],
+        },
+        {
+          names: [
+            '.alerts-security*',
+            '.siem-signals-*',
+            '.preview.alerts-security*',
+            '.internal.preview.alerts-security*',
+          ],
+          privileges: ['read', 'write'],
+        },
+      ],
+      run_as: [],
+    },
     kibana: [
       {
         ...noResponseActionsRole.kibana[0],

x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml

@@ -390,6 +390,7 @@ soc_manager:
         - feature_actions.all
         - feature_builtInAlerts.all
         - feature_osquery.all
+        - feature_indexPatterns.all # Detections Data Views
       resources: "*"
 
 detections_admin:
@@ -474,6 +475,7 @@ platform_engineer:
         - feature_fleet.all
         - feature_fleetv2.all
         - feature_osquery.all
+        - feature_indexPatterns.all # Detections Data Views
       resources: "*"
 
 endpoint_operations_analyst: