From 51e4f5eb8ae602424e07b8d52ef95d6644c885c1 Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Thu, 4 Jan 2024 15:38:46 -0800
Subject: [PATCH] [Cases] Add new sub feature privilege to prevent access to
 case settings (#3504) (#3506)

(cherry picked from commit b098a442450af166d27a25932550e6d714b5af8e)

Co-authored-by: Lisa Cawley <lcawley@elastic.co>
---
 .../observability/grant-cases-access.asciidoc | 20 +++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/docs/en/observability/grant-cases-access.asciidoc b/docs/en/observability/grant-cases-access.asciidoc
index 95199aafbe..9e104ec9d3 100644
--- a/docs/en/observability/grant-cases-access.asciidoc
+++ b/docs/en/observability/grant-cases-access.asciidoc
@@ -1,6 +1,11 @@
 [[grant-cases-access]]
 = Configure access to cases
 
+:frontmatter-description: Learn about the {kib} feature privileges required to access {observability} cases. 
+:frontmatter-tags-products: [observability]
+:frontmatter-tags-content-type: [how-to] 
+:frontmatter-tags-user-goals: [configure]
+
 // lint ignore observability
 To access and send cases to external systems, you need the {subscriptions}[appropriate license],
 and your role must have the *Cases* {kib} privilege as a user for the *{observability}* feature.
@@ -17,7 +22,12 @@ a|
 * `All` for the *Cases* feature under *{observability}*.
 * `All` for the *{connectors-feature}* feature under *Management*.
 
-NOTE: Roles without `All` *{connectors-feature}* feature privileges cannot create, add, delete, or modify case connectors.
+[NOTE]
+====
+Roles without `All` *{connectors-feature}* feature privileges cannot create, add, delete, or modify case connectors.
+
+By default, `All` for the *Cases* feature includes authority to delete cases, delete alerts and comments from cases, and edit case settings unless you customize the sub-feature privileges.
+====
 
 | Give assignee access to cases
 a| `All` for the *Cases* feature under *{observability}*.
@@ -25,12 +35,10 @@ a| `All` for the *Cases* feature under *{observability}*.
 NOTE: Before a user can be assigned to a case, they must log into {kib} at
 least once, which creates a user profile.
 
-| Give view-only access for cases | `Read` for the *Cases* feature under *{observability}*.
-
-| Give access to view and delete cases
-a| `Read` for the *Cases* feature under *{observability}* with the deletion sub-feature enabled.
+| Give view-only access for cases
+a| `Read` for the *Cases* feature under *{observability}*.
 
-NOTE: These privileges also enable you to delete comments and alerts from a case.
+NOTE: By default, `Read` for the *Cases* feature does not include authority to delete cases or delete alerts and comments from cases. You also cannot view or edit case settings. You can enable these actions by customizing the sub-feature privileges.
 
 | Give access to add alerts to cases
 a|