Skip to content

Commit

Permalink
[Cases] Add new sub feature privilege to prevent access to case settings
Browse files Browse the repository at this point in the history
  • Loading branch information
@lcawl
lcawl committed Jan 4, 2024
1 parent c05968a commit 43cfb4e
Showing 1 changed file with 14 additions and 6 deletions.
20 changes: 14 additions & 6 deletions docs/getting-started/cases-req.asciidoc
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,11 @@
[[case-permissions]]
= Cases prerequisites

:frontmatter-description: Learn about the {kib} feature privileges required to access {elastic-sec} cases.
:frontmatter-tags-products: [security]
:frontmatter-tags-content-type: [how-to]
:frontmatter-tags-user-goals: [configure]

//To view cases, you need the {kib} space `Read` privilege for the `Security` feature. To create cases and add comments, you need the `All` {kib}
//space privilege for the `Security` feature.

Expand Down Expand Up @@ -34,7 +39,12 @@ a|
* **All** for the *Cases* feature under *Security*
* **All** for the *{connectors-feature}* feature under *Management*

NOTE: Roles without **All** *{connectors-feature}* feature privileges cannot create, add, delete, or modify case connectors.
[NOTE]
====
Roles without **All** *{connectors-feature}* feature privileges cannot create, add, delete, or modify case connectors.
By default, `All` for the *Cases* feature includes authority to delete cases and comments and edit case settings unless you customize the sub-feature privileges.
====

| Give assignee access to cases
a|
Expand All @@ -43,12 +53,10 @@ a|
NOTE: Before a user can be assigned to a case, they must log into {kib} at least
once, which creates a user profile.

| Give view-only access for cases | **Read** for the *Security* feature and **All** for the *Cases* feature

| Give access to view and delete cases
a| **Read** for the *Cases* feature under *Security* with the *Delete* sub-feature selected
| Give view-only access for cases
a| **Read** for the *Security* feature and **All** for the *Cases* feature

NOTE: These privileges also enable you to delete comments and alerts from a case.
NOTE: By default, `Read` for the *Cases* feature does not include authority to delete cases or delete alerts and comments from cases. You also cannot view or edit case settings. You can eanble these actions by customizing the sub-feature privileges.

| Revoke all access to cases | **None** for the *Cases* feature under *Security*

Expand Down

0 comments on commit 43cfb4e

Please sign in to comment.