From b667b5a82ec2720933c30d89a165a7da6b2b98f1 Mon Sep 17 00:00:00 2001 
From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Date: Sat, 9 Nov 2024 03:29:54 +1100
Subject: [PATCH] [8.x] Authorized route migration for routes owned by @elastic/kibana-core (#198187) (#199489)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
# Backport
This will backport the following commits from `main` to `8.x`:
- [Authorized route migration for routes owned by @elastic/kibana-core (#198187)](https://github.com/elastic/kibana/pull/198187)
### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)
---
 .../ftr_apis/server/routes/kbn_client_so/bulk_delete.ts | 6 ++++--
 src/plugins/ftr_apis/server/routes/kbn_client_so/clean.ts | 6 ++++--
 src/plugins/ftr_apis/server/routes/kbn_client_so/create.ts | 6 ++++--
 src/plugins/ftr_apis/server/routes/kbn_client_so/delete.ts | 6 ++++--
 src/plugins/ftr_apis/server/routes/kbn_client_so/find.ts | 6 ++++--
 src/plugins/ftr_apis/server/routes/kbn_client_so/get.ts | 6 ++++--
 src/plugins/ftr_apis/server/routes/kbn_client_so/update.ts | 6 ++++--
 .../routes/benchmark_rules/bulk_action/bulk_action.ts | 6 ++++--
 .../server/routes/benchmark_rules/find/find.ts | 6 ++++--
 .../server/routes/benchmark_rules/get_states/get_states.ts | 6 ++++--
 .../server/routes/benchmarks/benchmarks.ts | 6 ++++--
 .../routes/compliance_dashboard/compliance_dashboard.ts | 6 ++++--
 .../get_detection_engine_alerts_count_by_rule_tags.ts | 6 ++++--
 .../cloud_security_posture/server/routes/graph/route.ts | 6 ++++--
 .../cloud_security_posture/server/routes/status/status.ts | 6 ++++--
 .../vulnerabilities_dashboard/vulnerabilities_dashboard.ts | 6 ++++--
 x-pack/plugins/features/server/routes/index.ts | 6 +++++-
 .../test/ftr_apis/security_and_spaces/apis/bulk_delete.ts | 3 ++-
 x-pack/test/ftr_apis/security_and_spaces/apis/clean.ts | 3 ++-
 x-pack/test/ftr_apis/security_and_spaces/apis/create.ts | 3 ++-
 x-pack/test/ftr_apis/security_and_spaces/apis/delete.ts | 3 ++-
 x-pack/test/ftr_apis/security_and_spaces/apis/find.ts | 3 ++-
 x-pack/test/ftr_apis/security_and_spaces/apis/get.ts | 3 ++-
 x-pack/test/ftr_apis/security_and_spaces/apis/update.ts | 3 ++-
 24 files changed, 83 insertions(+), 40 deletions(-)
diff --git a/src/plugins/ftr_apis/server/routes/kbn_client_so/bulk_delete.ts b/src/plugins/ftr_apis/server/routes/kbn_client_so/bulk_delete.ts
index b1667bfed4b99..7ba0a504fa530 100644
--- a/src/plugins/ftr_apis/server/routes/kbn_client_so/bulk_delete.ts
+++ b/src/plugins/ftr_apis/server/routes/kbn_client_so/bulk_delete.ts
@@ -15,8 +15,10 @@ export const registerBulkDeleteRoute = (router: IRouter) => {
 router.post(
 {
 path: `${KBN_CLIENT_API_PREFIX}/_bulk_delete`,
- options: {
- tags: ['access:ftrApis'],
+ security: {
+ authz: {
+ requiredPrivileges: ['ftrApis'],
+ },
 },
 validate: {
 body: schema.arrayOf(
diff --git a/src/plugins/ftr_apis/server/routes/kbn_client_so/clean.ts b/src/plugins/ftr_apis/server/routes/kbn_client_so/clean.ts
index 86be3af46348f..2f2edc66fdc4a 100644
--- a/src/plugins/ftr_apis/server/routes/kbn_client_so/clean.ts
+++ b/src/plugins/ftr_apis/server/routes/kbn_client_so/clean.ts
@@ -15,8 +15,10 @@ export const registerCleanRoute = (router: IRouter) => {
 router.post(
 {
 path: `${KBN_CLIENT_API_PREFIX}/_clean`,
- options: {
- tags: ['access:ftrApis'],
+ security: {
+ authz: {
+ requiredPrivileges: ['ftrApis'],
+ },
 },
 validate: {
 body: schema.object({
diff --git a/src/plugins/ftr_apis/server/routes/kbn_client_so/create.ts b/src/plugins/ftr_apis/server/routes/kbn_client_so/create.ts
index 528e271de1d4f..fdf93e2d517b8 100644
--- a/src/plugins/ftr_apis/server/routes/kbn_client_so/create.ts
+++ b/src/plugins/ftr_apis/server/routes/kbn_client_so/create.ts
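Review bot: The new `security.authz` block is the only gate on a route that bulk-deletes saved objects, and nothing in the hunk tells a reader that `requiredPrivileges: ['ftrApis']` is a one-for-one replacement of the removed `access:ftrApis` tag rather than a new or weaker check. I would add above `security: {` the comment `// Enforced by core before the handler runs: the caller must hold the 'ftrApis' Kibana privilege (replaces the legacy 'access:ftrApis' route tag).` so a later cleanup does not drop it as an unexplained option. The body of registerBulkDeleteRoute continues outside the hunk.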
@@ -15,8 +15,10 @@ export const registerCreateRoute = (router: IRouter) => {
 router.post(
 {
 path: `${KBN_CLIENT_API_PREFIX}/{type}/{id?}`,
- options: {
- tags: ['access:ftrApis'],
+ security: {
+ authz: {
+ requiredPrivileges: ['ftrApis'],
+ },
 },
 validate: {
 params: schema.object({
diff --git a/src/plugins/ftr_apis/server/routes/kbn_client_so/delete.ts b/src/plugins/ftr_apis/server/routes/kbn_client_so/delete.ts
index 77cec6243711c..69bc5f51db118 100644
--- a/src/plugins/ftr_apis/server/routes/kbn_client_so/delete.ts
+++ b/src/plugins/ftr_apis/server/routes/kbn_client_so/delete.ts
@@ -15,8 +15,10 @@ export const registerDeleteRoute = (router: IRouter) => {
 router.delete(
 {
 path: `${KBN_CLIENT_API_PREFIX}/{type}/{id}`,
- options: {
- tags: ['access:ftrApis'],
+ security: {
+ authz: {
+ requiredPrivileges: ['ftrApis'],
+ },
 },
 validate: {
 params: schema.object({
diff --git a/src/plugins/ftr_apis/server/routes/kbn_client_so/find.ts b/src/plugins/ftr_apis/server/routes/kbn_client_so/find.ts
index 2aefd0f87d334..ecacba6b782cd 100644
--- a/src/plugins/ftr_apis/server/routes/kbn_client_so/find.ts
+++ b/src/plugins/ftr_apis/server/routes/kbn_client_so/find.ts
@@ -15,8 +15,10 @@ export const registerFindRoute = (router: IRouter) => {
 router.get(
 {
 path: `${KBN_CLIENT_API_PREFIX}/_find`,
- options: {
- tags: ['access:ftrApis'],
+ security: {
+ authz: {
+ requiredPrivileges: ['ftrApis'],
+ },
 },
 validate: {
 query: schema.object({
diff --git a/src/plugins/ftr_apis/server/routes/kbn_client_so/get.ts b/src/plugins/ftr_apis/server/routes/kbn_client_so/get.ts
index bcfcd906ffc4c..88685608aee1a 100644
--- a/src/plugins/ftr_apis/server/routes/kbn_client_so/get.ts
+++ b/src/plugins/ftr_apis/server/routes/kbn_client_so/get.ts
@@ -15,8 +15,10 @@ export const registerGetRoute = (router: IRouter) => {
 router.get(
 {
 path: `${KBN_CLIENT_API_PREFIX}/{type}/{id}`,
- options: {
- tags: ['access:ftrApis'],
+ security: {
+ authz: {
+ requiredPrivileges: ['ftrApis'],
+ },
 },
 validate: {
 params: schema.object({
diff --git a/src/plugins/ftr_apis/server/routes/kbn_client_so/update.ts b/src/plugins/ftr_apis/server/routes/kbn_client_so/update.ts
index ee5b90e2897e0..e2eef65c0ec26 100644
--- a/src/plugins/ftr_apis/server/routes/kbn_client_so/update.ts
+++ b/src/plugins/ftr_apis/server/routes/kbn_client_so/update.ts
@@ -15,8 +15,10 @@ export const registerUpdateRoute = (router: IRouter) => {
 router.put(
 {
 path: `${KBN_CLIENT_API_PREFIX}/{type}/{id}`,
- options: {
- tags: ['access:ftrApis'],
+ security: {
+ authz: {
+ requiredPrivileges: ['ftrApis'],
+ },
 },
 validate: {
 params: schema.object({
diff --git a/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/bulk_action/bulk_action.ts b/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/bulk_action/bulk_action.ts
index 14b55541a1baf..b72cb27088eda 100644
--- a/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/bulk_action/bulk_action.ts
+++ b/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/bulk_action/bulk_action.ts
@@ -44,8 +44,10 @@ export const defineBulkActionCspBenchmarkRulesRoute = (router: CspRouter) =>
 .post({
 access: 'internal',
 path: CSP_BENCHMARK_RULES_BULK_ACTION_ROUTE_PATH,
- options: {
- tags: ['access:cloud-security-posture-all'],
+ security: {
+ authz: {
+ requiredPrivileges: ['cloud-security-posture-all'],
+ },
 },
 })
 .addVersion(
diff --git a/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/find/find.ts b/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/find/find.ts
index 738a8774266d8..a205ad95419db 100644
--- a/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/find/find.ts
+++ b/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/find/find.ts
@@ -25,8 +25,10 @@ export const defineFindCspBenchmarkRuleRoute = (router: CspRouter) =>
 .get({
 access: 'internal',
 path: FIND_CSP_BENCHMARK_RULE_ROUTE_PATH,
- options: {
- tags: ['access:cloud-security-posture-read'],
+ security: {
+ authz: {
+ requiredPrivileges: ['cloud-security-posture-read'],
+ },
 },
 })
 .addVersion(
diff --git a/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/get_states/get_states.ts b/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/get_states/get_states.ts
index 31ef05abc7ccd..a737313ffc66a 100644
--- a/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/get_states/get_states.ts
+++ b/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/get_states/get_states.ts
@@ -16,8 +16,10 @@ export const defineGetCspBenchmarkRulesStatesRoute = (router: CspRouter) =>
 .get({
 access: 'internal',
 path: CSP_GET_BENCHMARK_RULES_STATE_ROUTE_PATH,
- options: {
- tags: ['access:cloud-security-posture-read'],
+ security: {
+ authz: {
+ requiredPrivileges: ['cloud-security-posture-read'],
+ },
 },
 })
 .addVersion(
diff --git a/x-pack/plugins/cloud_security_posture/server/routes/benchmarks/benchmarks.ts b/x-pack/plugins/cloud_security_posture/server/routes/benchmarks/benchmarks.ts
index c3854b1dafb4d..efbdedad3d3a5 100644
--- a/x-pack/plugins/cloud_security_posture/server/routes/benchmarks/benchmarks.ts
+++ b/x-pack/plugins/cloud_security_posture/server/routes/benchmarks/benchmarks.ts
@@ -20,8 +20,10 @@ export const defineGetBenchmarksRoute = (router: CspRouter) =>
 .get({
 access: 'internal',
 path: BENCHMARKS_ROUTE_PATH,
- options: {
- tags: ['access:cloud-security-posture-read'],
+ security: {
+ authz: {
+ requiredPrivileges: ['cloud-security-posture-read'],
+ },
 },
 })
 .addVersion(
diff --git a/x-pack/plugins/cloud_security_posture/server/routes/compliance_dashboard/compliance_dashboard.ts b/x-pack/plugins/cloud_security_posture/server/routes/compliance_dashboard/compliance_dashboard.ts
index 851fa865566f7..481433e1efd56 100644
--- a/x-pack/plugins/cloud_security_posture/server/routes/compliance_dashboard/compliance_dashboard.ts
+++ b/x-pack/plugins/cloud_security_posture/server/routes/compliance_dashboard/compliance_dashboard.ts
@@ -65,8 +65,10 @@ export const defineGetComplianceDashboardRoute = (router: CspRouter) =>
 .get({
 access: 'internal',
 path: STATS_ROUTE_PATH,
- options: {
- tags: ['access:cloud-security-posture-read'],
+ security: {
+ authz: {
+ requiredPrivileges: ['cloud-security-posture-read'],
+ },
 },
 })
 .addVersion(
diff --git a/x-pack/plugins/cloud_security_posture/server/routes/detection_engine/get_detection_engine_alerts_count_by_rule_tags.ts b/x-pack/plugins/cloud_security_posture/server/routes/detection_engine/get_detection_engine_alerts_count_by_rule_tags.ts
index 6455b34707f70..38a9e356a1446 100644
--- a/x-pack/plugins/cloud_security_posture/server/routes/detection_engine/get_detection_engine_alerts_count_by_rule_tags.ts
+++ b/x-pack/plugins/cloud_security_posture/server/routes/detection_engine/get_detection_engine_alerts_count_by_rule_tags.ts
@@ -53,8 +53,10 @@ export const defineGetDetectionEngineAlertsStatus = (router: CspRouter) =>
 .get({
 access: 'internal',
 path: GET_DETECTION_RULE_ALERTS_STATUS_PATH,
- options: {
- tags: ['access:cloud-security-posture-read'],
+ security: {
+ authz: {
+ requiredPrivileges: ['cloud-security-posture-read'],
+ },
 },
 })
 .addVersion(
diff --git a/x-pack/plugins/cloud_security_posture/server/routes/graph/route.ts b/x-pack/plugins/cloud_security_posture/server/routes/graph/route.ts
index 9ff15c2be73e6..9e9744b33d940 100644
--- a/x-pack/plugins/cloud_security_posture/server/routes/graph/route.ts
+++ b/x-pack/plugins/cloud_security_posture/server/routes/graph/route.ts
@@ -20,8 +20,10 @@ export const defineGraphRoute = (router: CspRouter) =>
 access: 'internal',
 enableQueryVersion: true,
 path: GRAPH_ROUTE_PATH,
- options: {
- tags: ['access:cloud-security-posture-read'],
+ security: {
+ authz: {
+ requiredPrivileges: ['cloud-security-posture-read'],
+ },
 },
 })
 .addVersion(
diff --git a/x-pack/plugins/cloud_security_posture/server/routes/status/status.ts b/x-pack/plugins/cloud_security_posture/server/routes/status/status.ts
index 4f5c84b936fb2..066d0c936e27c 100644
--- a/x-pack/plugins/cloud_security_posture/server/routes/status/status.ts
+++ b/x-pack/plugins/cloud_security_posture/server/routes/status/status.ts
@@ -437,8 +437,10 @@ export const defineGetCspStatusRoute = (
 .get({
 access: 'internal',
 path: STATUS_ROUTE_PATH,
- options: {
- tags: ['access:cloud-security-posture-read'],
+ security: {
+ authz: {
+ requiredPrivileges: ['cloud-security-posture-read'],
+ },
 },
 })
 .addVersion(
diff --git a/x-pack/plugins/cloud_security_posture/server/routes/vulnerabilities_dashboard/vulnerabilities_dashboard.ts b/x-pack/plugins/cloud_security_posture/server/routes/vulnerabilities_dashboard/vulnerabilities_dashboard.ts
index f7de7f1be4b65..e336e6dbc0c02 100644
--- a/x-pack/plugins/cloud_security_posture/server/routes/vulnerabilities_dashboard/vulnerabilities_dashboard.ts
+++ b/x-pack/plugins/cloud_security_posture/server/routes/vulnerabilities_dashboard/vulnerabilities_dashboard.ts
@@ -20,8 +20,10 @@ export const defineGetVulnerabilitiesDashboardRoute = (router: CspRouter): void
 {
 path: VULNERABILITIES_DASHBOARD_ROUTE_PATH,
 validate: false,
- options: {
- tags: ['access:cloud-security-posture-read'],
+ security: {
+ authz: {
+ requiredPrivileges: ['cloud-security-posture-read'],
+ },
 },
 },
 async (context, request, response) => {
diff --git a/x-pack/plugins/features/server/routes/index.ts b/x-pack/plugins/features/server/routes/index.ts
index 281010613f693..b06efbb170ad4 100644
--- a/x-pack/plugins/features/server/routes/index.ts
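Review bot: In the vulnerabilities_dashboard hunk the route keeps `validate: false` while gaining the `security.authz` block, so authorization is now declared explicitly but the request still reaches the handler with no schema at all, unlike the other CSP routes in this patch, which register through `.addVersion(` and can validate there. If the handler genuinely reads nothing from `request`, that deserves to be stated next to the flag, e.g. `// validate: false — this endpoint takes no params/query/body; add a schema before reading any input`; if it does read query or body (not visible in the hunk), a `schema.object(...)` belongs here instead of `false`. The handler beginning at `async (context, request, response) => {` continues outside the hunk, so I cannot tell which case applies.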
+++ b/x-pack/plugins/features/server/routes/index.ts
@@ -21,8 +21,12 @@ export function defineRoutes({ router, featureRegistry }: RouteDefinitionParams)
 router.get(
 {
 path: '/api/features',
+ security: {
+ authz: {
+ requiredPrivileges: ['read_features'],
+ },
+ },
 options: {
- tags: ['access:read_features'],
 access: 'public',
 summary: `Get features`,
 },
diff --git a/x-pack/test/ftr_apis/security_and_spaces/apis/bulk_delete.ts b/x-pack/test/ftr_apis/security_and_spaces/apis/bulk_delete.ts
index 1ba800413237e..7439df4265ec3 100644
--- a/x-pack/test/ftr_apis/security_and_spaces/apis/bulk_delete.ts
+++ b/x-pack/test/ftr_apis/security_and_spaces/apis/bulk_delete.ts
@@ -44,7 +44,8 @@ export default function (ftrContext: FtrProviderContext) {
 expect(body).to.eql({
 statusCode: 403,
 error: 'Forbidden',
- message: 'Forbidden',
+ message:
+ 'API [POST /internal/ftr/kbn_client_so/_bulk_delete] is unauthorized for user, this action is granted by the Kibana privileges [ftrApis]',
 });
 },
 },
diff --git a/x-pack/test/ftr_apis/security_and_spaces/apis/clean.ts b/x-pack/test/ftr_apis/security_and_spaces/apis/clean.ts
index dc3bacf5b35f4..7b865c2f8803e 100644
--- a/x-pack/test/ftr_apis/security_and_spaces/apis/clean.ts
+++ b/x-pack/test/ftr_apis/security_and_spaces/apis/clean.ts
@@ -43,7 +43,8 @@ export default function (ftrContext: FtrProviderContext) {
 expectResponse: ({ body }) => {
 expect(body).to.eql({
 error: 'Forbidden',
- message: 'Forbidden',
+ message:
+ 'API [POST /internal/ftr/kbn_client_so/_clean] is unauthorized for user, this action is granted by the Kibana privileges [ftrApis]',
 statusCode: 403,
 });
 },
diff --git a/x-pack/test/ftr_apis/security_and_spaces/apis/create.ts b/x-pack/test/ftr_apis/security_and_spaces/apis/create.ts
index 50aee16f1b9f0..a4780e641386b 100644
--- a/x-pack/test/ftr_apis/security_and_spaces/apis/create.ts
+++ b/x-pack/test/ftr_apis/security_and_spaces/apis/create.ts
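Review bot: In the bulk_delete test hunk the new `message:` expectation pins the exact wording of a core-generated authorization error, method and full request path included, so any change to core's phrasing or to this test's request path now fails here (and in the sibling test files changed the same way) rather than at the route being exercised. The assertion's purpose is that the request is refused for lacking `ftrApis`; keeping `statusCode: 403` and `error: 'Forbidden'` in the `to.eql` and checking the stable part separately with `expect(body.message).to.contain('granted by the Kibana privileges [ftrApis]')` preserves that intent without coupling to the message template. The enclosing test function starts before the hunk.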
@@ -48,7 +48,8 @@ export default function (ftrContext: FtrProviderContext) {
 expect(body).to.eql({
 statusCode: 403,
 error: 'Forbidden',
- message: 'Forbidden',
+ message:
+ 'API [POST /internal/ftr/kbn_client_so/tag] is unauthorized for user, this action is granted by the Kibana privileges [ftrApis]',
 });
 },
 },
diff --git a/x-pack/test/ftr_apis/security_and_spaces/apis/delete.ts b/x-pack/test/ftr_apis/security_and_spaces/apis/delete.ts
index f3b04c3cab492..ff898032eb5ff 100644
--- a/x-pack/test/ftr_apis/security_and_spaces/apis/delete.ts
+++ b/x-pack/test/ftr_apis/security_and_spaces/apis/delete.ts
@@ -44,7 +44,8 @@ export default function (ftrContext: FtrProviderContext) {
 expect(body).to.eql({
 statusCode: 403,
 error: 'Forbidden',
- message: 'Forbidden',
+ message:
+ 'API [DELETE /internal/ftr/kbn_client_so/visualization/vis-area-1] is unauthorized for user, this action is granted by the Kibana privileges [ftrApis]',
 });
 },
 },
diff --git a/x-pack/test/ftr_apis/security_and_spaces/apis/find.ts b/x-pack/test/ftr_apis/security_and_spaces/apis/find.ts
index 803db0affbfa7..caa548ae179e2 100644
--- a/x-pack/test/ftr_apis/security_and_spaces/apis/find.ts
+++ b/x-pack/test/ftr_apis/security_and_spaces/apis/find.ts
@@ -43,7 +43,8 @@ export default function (ftrContext: FtrProviderContext) {
 expectResponse: ({ body }) => {
 expect(body).to.eql({
 error: 'Forbidden',
- message: 'Forbidden',
+ message:
+ 'API [GET /internal/ftr/kbn_client_so/_find?type=tag] is unauthorized for user, this action is granted by the Kibana privileges [ftrApis]',
 statusCode: 403,
 });
 },
diff --git a/x-pack/test/ftr_apis/security_and_spaces/apis/get.ts b/x-pack/test/ftr_apis/security_and_spaces/apis/get.ts
index db4f507a64645..ac255d97af51c 100644
--- a/x-pack/test/ftr_apis/security_and_spaces/apis/get.ts
+++ b/x-pack/test/ftr_apis/security_and_spaces/apis/get.ts
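Review bot: The expected `message:` in the find test embeds the request's query string (`_find?type=tag`), which shows that core's 403 text echoes the caller's full URL, query included, back into the response body. That is core behaviour rather than something this patch introduces, but the assertion now silently depends on it and on the test issuing exactly `?type=tag`; matching the stable suffix with `expect(body.message).to.contain('is unauthorized for user, this action is granted by the Kibana privileges [ftrApis]')` would keep the check meaningful without pinning the echoed URL. Worth a one-line comment either way, e.g. `// core reflects the request method, path and query into the 403 message`. The enclosing test function starts before the hunk.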
@@ -44,7 +44,8 @@ export default function (ftrContext: FtrProviderContext) {
 expect(body).to.eql({
 statusCode: 403,
 error: 'Forbidden',
- message: 'Forbidden',
+ message:
+ 'API [GET /internal/ftr/kbn_client_so/visualization/vis-area-4] is unauthorized for user, this action is granted by the Kibana privileges [ftrApis]',
 });
 },
 },
diff --git a/x-pack/test/ftr_apis/security_and_spaces/apis/update.ts b/x-pack/test/ftr_apis/security_and_spaces/apis/update.ts
index fe3ade47195a6..e599b0e373624 100644
--- a/x-pack/test/ftr_apis/security_and_spaces/apis/update.ts
+++ b/x-pack/test/ftr_apis/security_and_spaces/apis/update.ts
@@ -44,7 +44,8 @@ export default function (ftrContext: FtrProviderContext) {
 expect(body).to.eql({
 statusCode: 403,
 error: 'Forbidden',
- message: 'Forbidden',
+ message:
+ 'API [PUT /internal/ftr/kbn_client_so/tag/tag-1] is unauthorized for user, this action is granted by the Kibana privileges [ftrApis]',
 });
 },
 },