diff --git a/docs/getting-started/cases-req.asciidoc b/docs/getting-started/cases-req.asciidoc index a18eca2aef..5e0f7fdd6e 100644 --- a/docs/getting-started/cases-req.asciidoc +++ b/docs/getting-started/cases-req.asciidoc @@ -1,6 +1,11 @@ [[case-permissions]] = Cases prerequisites +:frontmatter-description: Learn about the {kib} feature privileges required to access {elastic-sec} cases. +:frontmatter-tags-products: [security] +:frontmatter-tags-content-type: [how-to] +:frontmatter-tags-user-goals: [configure] + //To view cases, you need the {kib} space `Read` privilege for the `Security` feature. To create cases and add comments, you need the `All` {kib} //space privilege for the `Security` feature. @@ -34,21 +39,23 @@ a| * **All** for the *Cases* feature under *Security* * **All** for the *{connectors-feature}* feature under *Management* -NOTE: Roles without **All** *{connectors-feature}* feature privileges cannot create, add, delete, or modify case connectors. +[NOTE] +==== +Roles without **All** privileges for the *{connectors-feature}* feature cannot create, add, delete, or modify case connectors. + +By default, **All** for the *Cases* feature allows you to delete cases, delete alerts and comments from cases, and edit case settings. You can customize the sub-feature privileges to limit feature access. +==== | Give assignee access to cases -a| -* **All** for the *Cases* feature under *Security* +a| **All** for the *Cases* feature under *Security* NOTE: Before a user can be assigned to a case, they must log into {kib} at least once, which creates a user profile. -| Give view-only access for cases | **Read** for the *Security* feature and **All** for the *Cases* feature - -| Give access to view and delete cases -a| **Read** for the *Cases* feature under *Security* with the *Delete* sub-feature selected +| Give view-only access for cases +a| **Read** for the *Security* feature and **All** for the *Cases* feature -NOTE: These privileges also enable you to delete comments and alerts from a case. +NOTE: You can customize the sub-feature privileges to allow access to deleting cases, deleting alerts and comments from cases, and viewing or editing case settings. | Revoke all access to cases | **None** for the *Cases* feature under *Security*