diff --git a/packages/kbn-es/src/serverless_resources/roles.yml b/packages/kbn-es/src/serverless_resources/roles.yml
index bde917d2f9750..c631f596a8cac 100644
--- a/packages/kbn-es/src/serverless_resources/roles.yml
+++ b/packages/kbn-es/src/serverless_resources/roles.yml
@@ -387,6 +387,7 @@ soc_manager:
 - feature_actions.all
 - feature_builtInAlerts.all
 - feature_osquery.all
+ - feature_indexPatterns.all # Detections Data Views
 resources: "*"
 detections_admin:
@@ -471,6 +472,7 @@ platform_engineer:
 - feature_fleet.all
 - feature_fleetv2.all
 - feature_osquery.all
+ - feature_indexPatterns.all # Detections Data Views
 resources: "*"
 endpoint_operations_analyst:
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/endpoint_operations_analyst.ts b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/endpoint_operations_analyst.ts
index afc8941041128..1956f0f38142a 100644
--- a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/endpoint_operations_analyst.ts
+++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/endpoint_operations_analyst.ts
@@ -11,7 +11,39 @@ import { getNoResponseActionsRole } from './without_response_actions_role';
 export const getEndpointOperationsAnalyst: () => Omit = () => {
 const noResponseActionsRole = getNoResponseActionsRole();
 return {
- ...noResponseActionsRole,
+ elasticsearch: {
+ cluster: [],
+ indices: [
+ {
+ names: [
+ 'metrics-endpoint.metadata_current_*',
+ '.fleet-agents*',
+ '.fleet-actions*',
+ 'apm-*-transaction*',
+ 'traces-apm*',
+ 'auditbeat-*',
+ 'endgame-*',
+ 'filebeat-*',
+ 'logs-*',
+ 'packetbeat-*',
+ 'winlogbeat-*',
+ '.lists*',
+ '.items*',
+ ],
+ privileges: ['read'],
+ },
+ {
+ names: [
+ '.alerts-security*',
+ '.siem-signals-*',
+ '.preview.alerts-security*',
+ '.internal.preview.alerts-security*',
+ ],
+ privileges: ['read', 'write'],
+ },
+ ],
+ run_as: [],
+ },
 kibana: [
 {
 ...noResponseActionsRole.kibana[0],
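Review bot: `feature_indexPatterns.all` gives soc_manager full management rights over data views, and the trailing comment `# Detections Data Views` does not say why read access would not be enough. If these roles only need to select existing data views in Detections, `- feature_indexPatterns.read` would be the narrower grant; if they do need to create or edit data views, the comment should say so, for example `# Detections: needs to create/edit data views`. The same applies to the platform_engineer hunk in this file and to both hunks in the es_serverless_resources copy of roles.yml. The role definitions themselves start above the visible context, so whether another entry already covers this feature cannot be checked from here.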
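Review bot: The new `elasticsearch` block is a hand-copied privilege list with no comment naming its source of truth, while `kibana` in the same object is still derived from `noResponseActionsRole.kibana[0]`. With the `...noResponseActionsRole` spread removed, any other top-level field returned by getNoResponseActionsRole() is presumably no longer inherited, and later changes to that role's index privileges will not reach this one. I would add a comment above the block such as `// Index privileges are pinned on purpose; keep in sync with endpoint_operations_analyst in es_serverless_resources/roles.yml`, plus a one-line reason for granting `write` on the `.alerts-security*` / `.siem-signals-*` group. The function body continues past the end of the hunk, so the rest of the returned object is not visible here.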
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml
index d216adc602c1a..ace64c7570aa2 100644
--- a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml
+++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml
@@ -390,6 +390,7 @@ soc_manager:
 - feature_actions.all
 - feature_builtInAlerts.all
 - feature_osquery.all
+ - feature_indexPatterns.all # Detections Data Views
 resources: "*"
 detections_admin:
@@ -474,6 +475,7 @@ platform_engineer:
 - feature_fleet.all
 - feature_fleetv2.all
 - feature_osquery.all
+ - feature_indexPatterns.all # Detections Data Views
 resources: "*"
 endpoint_operations_analyst:
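Review bot: This copy of roles.yml already differs from packages/kbn-es/src/serverless_resources/roles.yml, because the same soc_manager and platform_engineer hunks land at lines 390 and 474 here against 387 and 471 there. Two hand-maintained copies of a role file make it easy for a privilege to be granted in one and missed in the other. A header comment naming the canonical file would help, for example `# Copy of packages/kbn-es/src/serverless_resources/roles.yml; keep role privileges identical`. A check that compares the role entries of the two files would catch drift automatically. What the three extra lines are is not visible in this diff.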