Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Cases] Add new sub feature privilege to prevent access to case settings #4557

Merged
merged 8 commits into from
Jan 11, 2024
Merged

[Cases] Add new sub feature privilege to prevent access to case settings #4557

Changes from 2 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
43cfb4e
[Cases] Add new sub feature privilege to prevent access to case settings
lcawl Jan 4, 2024
9efae21
[DOCS] Clarify alert removal authority
lcawl Jan 4, 2024
70464ca
[DOCS] Fix typo
lcawl Jan 4, 2024
46d44fd
Update docs/getting-started/cases-req.asciidoc
lcawl Jan 10, 2024
ce874fb
Update docs/getting-started/cases-req.asciidoc
lcawl Jan 10, 2024
0401a08
Update docs/getting-started/cases-req.asciidoc
lcawl Jan 10, 2024
4d31f97
Merge branch 'main' into case-setting-security-privs
lcawl Jan 10, 2024
10196fb
[DOCS] Remove unnecessary bulleted list
lcawl Jan 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 14 additions & 6 deletions docs/getting-started/cases-req.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,11 @@
[[case-permissions]]
= Cases prerequisites

:frontmatter-description: Learn about the {kib} feature privileges required to access {elastic-sec} cases.
:frontmatter-tags-products: [security]
:frontmatter-tags-content-type: [how-to]
:frontmatter-tags-user-goals: [configure]

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wasn't aware that we're adding frontmatter to ESS doc files. Is this something we should be doing for all files?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably a good idea to double-check with @colleenmcginnis to be sure, but it was originally something that helped fill in the frontmatter for migration.

//To view cases, you need the {kib} space `Read` privilege for the `Security` feature. To create cases and add comments, you need the `All` {kib}
//space privilege for the `Security` feature.

Expand Down Expand Up @@ -34,7 +39,12 @@ a|
* **All** for the *Cases* feature under *Security*
* **All** for the *{connectors-feature}* feature under *Management*

NOTE: Roles without **All** *{connectors-feature}* feature privileges cannot create, add, delete, or modify case connectors.
[NOTE]
====
Roles without **All** *{connectors-feature}* feature privileges cannot create, add, delete, or modify case connectors.
lcawl marked this conversation as resolved.
Show resolved Hide resolved

By default, `All` for the *Cases* feature includes authority to delete cases, delete alerts and comments from cases, and edit case settings unless you customize the sub-feature privileges.
lcawl marked this conversation as resolved.
Show resolved Hide resolved
====

| Give assignee access to cases
a|
Expand All @@ -43,12 +53,10 @@ a|
NOTE: Before a user can be assigned to a case, they must log into {kib} at least
once, which creates a user profile.

| Give view-only access for cases | **Read** for the *Security* feature and **All** for the *Cases* feature

| Give access to view and delete cases
a| **Read** for the *Cases* feature under *Security* with the *Delete* sub-feature selected
| Give view-only access for cases
a| **Read** for the *Security* feature and **All** for the *Cases* feature

NOTE: These privileges also enable you to delete comments and alerts from a case.
NOTE: By default, `Read` for the *Cases* feature does not include authority to delete cases or delete alerts and comments from cases. You also cannot view or edit case settings. You can eanble these actions by customizing the sub-feature privileges.
lcawl marked this conversation as resolved.
Show resolved Hide resolved

| Revoke all access to cases | **None** for the *Cases* feature under *Security*

Expand Down