From 6f93a17199954218cbcb9aaa1f1dac750a88a562 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patryk=20Kopyci=C5=84ski?=
Date: Tue, 17 Oct 2023 07:36:07 +0000
Subject: [PATCH] =?UTF-8?q?[Security=20solution]=20Update=20serverless=20r?= =?UTF-8?q?oles=20to=20include=20Data=20Views=20fea=E2=80=A6=20(#169036)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
…ture permissions
## Summary
Align roles with project-controller
(cherry picked from commit 4113d25f01ab22a704fda65f823113be34fd8757)
# Conflicts:
# x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/endpoint_operations_analyst.ts
---
 .../kbn-es/src/serverless_resources/roles.yml | 2 ++
 .../endpoint_operations_analyst.ts | 34 ++++++++++++++++++-
 .../es_serverless_resources/roles.yml | 2 ++
 3 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/packages/kbn-es/src/serverless_resources/roles.yml b/packages/kbn-es/src/serverless_resources/roles.yml
index bde917d2f9750..c631f596a8cac 100644
--- a/packages/kbn-es/src/serverless_resources/roles.yml
+++ b/packages/kbn-es/src/serverless_resources/roles.yml
@@ -387,6 +387,7 @@ soc_manager:
 - feature_actions.all
 - feature_builtInAlerts.all
 - feature_osquery.all
+ - feature_indexPatterns.all # Detections Data Views
 resources: "*"
 detections_admin:
@@ -471,6 +472,7 @@ platform_engineer:
 - feature_fleet.all
 - feature_fleetv2.all
 - feature_osquery.all
+ - feature_indexPatterns.all # Detections Data Views
 resources: "*"
 endpoint_operations_analyst:
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/endpoint_operations_analyst.ts b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/endpoint_operations_analyst.ts
index afc8941041128..1956f0f38142a 100644
--- a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/endpoint_operations_analyst.ts
+++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/endpoint_operations_analyst.ts
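Review bot: In packages/kbn-es/src/serverless_resources/roles.yml the new `- feature_indexPatterns.all` entry sits in a privilege list whose `resources: "*"` applies to every space, so soc_manager gets full Data Views privileges everywhere, while the trailing comment `# Detections Data Views` reads as if the grant were limited to detections. If these roles only need to select existing data views, `- feature_indexPatterns.read` would be the narrower grant; if write access is required, the comment should say so, e.g. `# Data Views: full access in all spaces, required by Detections`. The same line is added to platform_engineer in this file and to both roles in the x-pack copy of roles.yml. Nothing visible here checks that the two copies stay identical, so they have to be changed together by hand.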
@@ -11,7 +11,39 @@ import { getNoResponseActionsRole } from './without_response_actions_role';
 export const getEndpointOperationsAnalyst: () => Omit = () => {
 const noResponseActionsRole = getNoResponseActionsRole();
 return {
- ...noResponseActionsRole,
+ elasticsearch: {
+ cluster: [],
+ indices: [
+ {
+ names: [
+ 'metrics-endpoint.metadata_current_*',
+ '.fleet-agents*',
+ '.fleet-actions*',
+ 'apm-*-transaction*',
+ 'traces-apm*',
+ 'auditbeat-*',
+ 'endgame-*',
+ 'filebeat-*',
+ 'logs-*',
+ 'packetbeat-*',
+ 'winlogbeat-*',
+ '.lists*',
+ '.items*',
+ ],
+ privileges: ['read'],
+ },
+ {
+ names: [
+ '.alerts-security*',
+ '.siem-signals-*',
+ '.preview.alerts-security*',
+ '.internal.preview.alerts-security*',
+ ],
+ privileges: ['read', 'write'],
+ },
+ ],
+ run_as: [],
+ },
 kibana: [
 {
 ...noResponseActionsRole.kibana[0],
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml
index d216adc602c1a..ace64c7570aa2 100644
--- a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml
+++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml
@@ -390,6 +390,7 @@ soc_manager:
 - feature_actions.all
 - feature_builtInAlerts.all
 - feature_osquery.all
+ - feature_indexPatterns.all # Detections Data Views
 resources: "*"
 detections_admin:
@@ -474,6 +475,7 @@ platform_engineer:
 - feature_fleet.all
 - feature_fleetv2.all
 - feature_osquery.all
+ - feature_indexPatterns.all # Detections Data Views
 resources: "*"
 endpoint_operations_analyst:
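Review bot: In endpoint_operations_analyst.ts the `...noResponseActionsRole` spread is replaced by a hand-written `elasticsearch` block, so this role no longer follows the base role's index privileges and any later tightening there will not reach it. The block grants `write` on `.alerts-security*` and `.siem-signals-*` and `read` on broad patterns such as `logs-*`, which a reviewer cannot check against least privilege without knowing the source of truth. A comment above `elasticsearch:` would record it, e.g. `// ES privileges are pinned here, not inherited from getNoResponseActionsRole(); keep in sync with endpoint_operations_analyst in roles.yml`, assuming that YAML entry is what this block mirrors. Any other top-level fields the base role returns are dropped as well, which is presumably intended but cannot be confirmed from the hunk. The function body continues outside the hunk.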