
Conversation

yctercero commented Nov 11, 2025

Summary

Fixes https://github.com/elastic/docs-content-internal/issues/597

In an effort to provide finer-grained privileges to our users, we have made the initial PR updates to move Rules, Alerts, and Exceptions Kibana privileges out from under Security > Security and into its own Security > Rules. There will be follow-up work done dev side to break out Rules privileges into subfeatures.

Changes made

  • Attack Discovery
    • Specified Kibana and ES index privs needed for 9.0, 9.1, and 9.3/Serverless. Noted that users also need (at min) Read for Security > Rules.
  • Detections Requirements
    • Updated the privileges table to specify Kibana privs needed for 9.0 and 9.3/Serverless. In updates for 9.3/Serverless, noted that users need at least Read for Security > Rules.
    • Added table that breaks down some info on serverless prebuilt roles
  • Automatic Migration
    • Specified Kibana privs needed for 9.0 and 9.3/Serverless. Noted that users need at least Read for Security > Rules.

@yctercero yctercero added the documentation Improvements or additions to documentation label Nov 11, 2025

benironside left a comment

Thanks so much for this Yara! I'm going to make a few small edits, and I'll hold off on approving because I think another security writer should take a look first.

e40pud commented Nov 17, 2025

@yctercero I believe Attack Discovery: All and Rules - Read is enough to use Attack Discovery. Since Rules - Read allows users to modify alert documents, that will be enough for all actions within the Attack Discovery page to work correctly.

nastasha-solomon left a comment

Thanks for opening this, @yctercero! This is a great starting point for updating the docs that explain the required Kibana privs that roles must have to use certain Security features. I'm planning to make some organizational improvements to the "Detections requirements" page for 9.3, so I may need to open a new PR to re-add the changes you made in this PR if my changes introduce too many gnarly conflicts.

However, before I move forward with the organizational changes, I do want to understand the schedule for the phases that you outlined here. I'll drop my questions in the #security-detections-response-rbac channel so we can discuss there.

Updated RBAC privileges for Attack Discovery to specify minimum requirements.
nastasha-solomon commented

@benironside tomorrow, I could use your review of the updates we made to the Role-based access control (RBAC) for Attack Discovery section and the Automatic Migration requirements. TIA!

benironside left a comment

Attack Discovery and Automatic Migration sections LGTM. Left a couple of minor suggestions.
