[Cases] Add new sub feature privilege to prevent access to case setti…

…ngs (#3504) (#3506) (cherry picked from commit b098a44) Co-authored-by: Lisa Cawley <[email protected]>
elastic · Jan 4, 2024 · 51e4f5e · 51e4f5e
1 parent 8eb607e
commit 51e4f5e
Showing 1 changed file with 14 additions and 6 deletions.
diff --git a/docs/en/observability/grant-cases-access.asciidoc b/docs/en/observability/grant-cases-access.asciidoc
@@ -1,6 +1,11 @@
 [[grant-cases-access]]
 = Configure access to cases
 
+:frontmatter-description: Learn about the {kib} feature privileges required to access {observability} cases. 
+:frontmatter-tags-products: [observability]
+:frontmatter-tags-content-type: [how-to] 
+:frontmatter-tags-user-goals: [configure]
+
 // lint ignore observability
 To access and send cases to external systems, you need the {subscriptions}[appropriate license],
 and your role must have the *Cases* {kib} privilege as a user for the *{observability}* feature.
@@ -17,20 +22,23 @@ a|
 * `All` for the *Cases* feature under *{observability}*.
 * `All` for the *{connectors-feature}* feature under *Management*.
 
-NOTE: Roles without `All` *{connectors-feature}* feature privileges cannot create, add, delete, or modify case connectors.
+[NOTE]
+====
+Roles without `All` *{connectors-feature}* feature privileges cannot create, add, delete, or modify case connectors.
+
+By default, `All` for the *Cases* feature includes authority to delete cases, delete alerts and comments from cases, and edit case settings unless you customize the sub-feature privileges.
+====
 
 | Give assignee access to cases
 a| `All` for the *Cases* feature under *{observability}*.
 
 NOTE: Before a user can be assigned to a case, they must log into {kib} at
 least once, which creates a user profile.
 
-| Give view-only access for cases | `Read` for the *Cases* feature under *{observability}*.
-
-| Give access to view and delete cases
-a| `Read` for the *Cases* feature under *{observability}* with the deletion sub-feature enabled.
+| Give view-only access for cases
+a| `Read` for the *Cases* feature under *{observability}*.
 
-NOTE: These privileges also enable you to delete comments and alerts from a case.
+NOTE: By default, `Read` for the *Cases* feature does not include authority to delete cases or delete alerts and comments from cases. You also cannot view or edit case settings. You can enable these actions by customizing the sub-feature privileges.
 
 | Give access to add alerts to cases
 a|