From 7d7f751a9310770794607d1daeedc13488f6733d Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 29 Jan 2024 08:54:20 -0500 Subject: [PATCH] [Request][7.17-8.10] Doc privs required to create and manage the .lists data stream (#4696) (cherry picked from commit 2990160e6345d61b207b9004cd3595428d7f0b79) --- .../exceptions/exceptions-api-overview.asciidoc | 13 +++---------- .../exceptions/lists-index-api-overview.asciidoc | 2 +- .../api/lists/lists-api-overview.asciidoc | 16 +++------------- docs/getting-started/detections-req.asciidoc | 14 ++++++++++++-- 4 files changed, 19 insertions(+), 26 deletions(-) diff --git a/docs/detections/api/exceptions/exceptions-api-overview.asciidoc b/docs/detections/api/exceptions/exceptions-api-overview.asciidoc index b0bc68d936..440b4b012e 100644 --- a/docs/detections/api/exceptions/exceptions-api-overview.asciidoc +++ b/docs/detections/api/exceptions/exceptions-api-overview.asciidoc @@ -43,15 +43,8 @@ IMPORTANT: Before you can create exceptions, you must create `.lists` and `.items` indices for the {kib} space (see <>). [float] -=== Kibana role requirements +=== Exceptions requirements -To create list containers and items, the user role for the {kib} space must -have: +Before you start working with exceptions that use value lists, you must create the `.lists` and `.items` indices for the relevant {kib} space. To learn how to do this, go to <>. -* `read` and `write` index privileges for the -`.lists` and `.items` indices (the system index used for storing exception lists). -* {kib} space `All` privileges for the `Security` and `Saved Objects Management` -features (see -{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]). - -See <> for a complete list of requirements. +Once these indices are created, your role needs privileges to manage rules. Refer to <> for a complete list of requirements. diff --git a/docs/detections/api/exceptions/lists-index-api-overview.asciidoc b/docs/detections/api/exceptions/lists-index-api-overview.asciidoc index 5a73e29977..7889ecae67 100644 --- a/docs/detections/api/exceptions/lists-index-api-overview.asciidoc +++ b/docs/detections/api/exceptions/lists-index-api-overview.asciidoc @@ -6,7 +6,7 @@ and `.items` system indices in the relevant {kibana-ref}/xpack-spaces.html[{kib} space]. For information about the permissions and privileges required to create -`.lists` and `.items` indices, see <>. +`.lists` and `.items` indices, refer to <>. NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. diff --git a/docs/detections/api/lists/lists-api-overview.asciidoc b/docs/detections/api/lists/lists-api-overview.asciidoc index dfb5983421..c2fb1f1910 100644 --- a/docs/detections/api/lists/lists-api-overview.asciidoc +++ b/docs/detections/api/lists/lists-api-overview.asciidoc @@ -56,19 +56,9 @@ Use an <> to define the operator and associate it with an <>. You can then add the exception container to a rule's `exceptions_list` object. -IMPORTANT: Before you can create lists, you must create `.lists` and `.items` -indices for the {kib} space (see <>). - [float] -=== Kibana role requirements - -To create list containers and items, the user role for the {kib} space must -have: +=== Lists requirements -* `read` and `write` index privileges for the -`.lists` and `.items` indices (the system index used for storing exception lists). -* {kib} space `All` privileges for the `Security` and `Saved Objects Management` -features (see -{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]). +Before you can start using lists, you must create the `.lists` and `.items` indices for the relevant {kib} space. To learn how to do this, go to <>. -See <> for a complete list of requirements. +Once these indices are created, your role needs privileges to manage rules. Refer to <> for a complete list of requirements. diff --git a/docs/getting-started/detections-req.asciidoc b/docs/getting-started/detections-req.asciidoc index f3ca815272..b210c301d3 100644 --- a/docs/getting-started/detections-req.asciidoc +++ b/docs/getting-started/detections-req.asciidoc @@ -64,7 +64,6 @@ a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for t |{kib} space `All` privileges for the `Security` feature (refer to {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]) - |Enable the Detections feature in all Kibana spaces *NOTE*: To turn on the Detections feature, visit the Detections page for each appropriate Kibana space. @@ -82,7 +81,6 @@ a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for t |{kib} space `All` privileges for the `Security` feature (refer to {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]) - | Preview rules |N/A a| The `read` privilege for the following indices: @@ -129,6 +127,18 @@ a|The `maintenance`, `write`,`read`, and `view_index_metadata` index privileges |{kib} space `Read` privileges for the `Security` feature (refer to {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]) +|Create the `.lists` and `.items` indices in your {kib} space + +**NOTE**: To initiate the process that creates the `.lists` and `.items` indices, you must visit the Rules page for each appropriate {kib} space. + +|The `manage` privilege +a| The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following indices, where `` is the {kib} space name: + +* `.lists-` +* `.items-` +|{kib} space `All` privileges for the `Security` and `Saved Objects Management` +features (refer to {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]) + |============================================== Here is an example of a user who has the Detections feature enabled in all {kib} spaces: