resets operator_users file to match production + risk score index. (#…

…169102)
elastic · Oct 17, 2023 · f05d976 · f05d976
1 parent ad58290
commit f05d976
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 16 deletions.
diff --git a/packages/kbn-es/src/serverless_resources/operator_users.yml b/packages/kbn-es/src/serverless_resources/operator_users.yml
@@ -1,19 +1,5 @@
 operator:
-  - usernames:
-      [
-        'elastic_serverless',
-        'system_indices_superuser',
-        't1_analyst',
-        't2_analyst',
-        't3_analyst',
-        'threat_intelligence_analyst',
-        'rule_author',
-        'soc_manager',
-        'detections_admin',
-        'platform_engineer',
-        'endpoint_operations_analyst',
-        'endpoint_policy_manager',
-      ]
+  - usernames: ['elastic_serverless', 'system_indices_superuser']
     realm_type: 'file'
     auth_type: 'realm'
   - usernames: ['elastic/kibana']

diff --git a/packages/kbn-es/src/serverless_resources/roles.yml b/packages/kbn-es/src/serverless_resources/roles.yml
@@ -117,6 +117,7 @@ t1_analyst:
         - metrics-endpoint.metadata_current_*
         - ".fleet-agents*"
         - ".fleet-actions*"
+        - "risk-score.risk-score-*"
       privileges:
         - read
   applications:
@@ -157,6 +158,7 @@ t2_analyst:
         - metrics-endpoint.metadata_current_*
         - .fleet-agents*
         - .fleet-actions*
+        - "risk-score.risk-score-*"
       privileges:
         - read
   applications:
@@ -204,6 +206,7 @@ t3_analyst:
         - metrics-endpoint.metadata_current_*
         - .fleet-agents*
         - .fleet-actions*
+        - "risk-score.risk-score-*"
       privileges:
         - read
   applications:
@@ -256,6 +259,7 @@ threat_intelligence_analyst:
         - metrics-endpoint.metadata_current_*
         - .fleet-agents*
         - .fleet-actions*
+        - "risk-score.risk-score-*"
       privileges:
         - read
   applications:
@@ -307,6 +311,7 @@ rule_author:
         - metrics-endpoint.metadata_current_*
         - .fleet-agents*
         - .fleet-actions*
+        - "risk-score.risk-score-*"
       privileges:
         - read
   applications:
@@ -363,6 +368,7 @@ soc_manager:
         - metrics-endpoint.metadata_current_*
         - .fleet-agents*
         - .fleet-actions*
+        - risk-score.risk-score-*
       privileges:
         - read
   applications:
@@ -391,7 +397,7 @@ soc_manager:
       resources: "*"
 
 detections_admin:
-  cluster:
+  cluster: ["manage_index_templates", "manage_transform"]
   indices:
     - names:
         - apm-*-transaction*
@@ -418,6 +424,10 @@ detections_admin:
         - .fleet-actions*
       privileges:
         - read
+    - names:
+        - risk-score.risk-score-*
+      privileges:
+        - all
   applications:
     - application: "kibana-.kibana"
       privileges:
@@ -450,6 +460,7 @@ platform_engineer:
         - .siem-signals-*
         - .preview.alerts-security*
         - .internal.preview.alerts-security*
+        - risk-score.risk-score-*
       privileges:
         - all
   applications:
@@ -482,6 +493,7 @@ endpoint_operations_analyst:
         - metrics-endpoint.metadata_current_*
         - .fleet-agents*
         - .fleet-actions*
+        - risk-score.risk-score-*
       privileges:
         - read
     - names:
@@ -537,6 +549,7 @@ endpoint_policy_manager:
         - metrics-endpoint.metadata_current_*
         - .fleet-agents*
         - .fleet-actions*
+        - risk-score.risk-score-*
       privileges:
         - read
     - names: