From 716bf99f2f07366231b77c4508c9850615163f80 Mon Sep 17 00:00:00 2001
From: lcawl <lcawley@elastic.co>
Date: Wed, 3 Jan 2024 17:44:48 -0800
Subject: [PATCH 1/2] [Cases] Add new sub feature privilege to prevent access
 to the cases settings page

---
 .../observability/grant-cases-access.asciidoc | 20 +++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/docs/en/observability/grant-cases-access.asciidoc b/docs/en/observability/grant-cases-access.asciidoc
index 95199aafbe..1a2876daca 100644
--- a/docs/en/observability/grant-cases-access.asciidoc
+++ b/docs/en/observability/grant-cases-access.asciidoc
@@ -1,6 +1,11 @@
 [[grant-cases-access]]
 = Configure access to cases
 
+:frontmatter-description: Learn about the {kib} feature privileges required to access {observability} cases. 
+:frontmatter-tags-products: [observability]
+:frontmatter-tags-content-type: [how-to] 
+:frontmatter-tags-user-goals: [configure]
+
 // lint ignore observability
 To access and send cases to external systems, you need the {subscriptions}[appropriate license],
 and your role must have the *Cases* {kib} privilege as a user for the *{observability}* feature.
@@ -17,7 +22,12 @@ a|
 * `All` for the *Cases* feature under *{observability}*.
 * `All` for the *{connectors-feature}* feature under *Management*.
 
-NOTE: Roles without `All` *{connectors-feature}* feature privileges cannot create, add, delete, or modify case connectors.
+[NOTE]
+====
+Roles without `All` *{connectors-feature}* feature privileges cannot create, add, delete, or modify case connectors.
+
+By default, `All` for the *Cases* feature includes authority to delete cases and comments and edit case settings unless you customize the sub-feature privileges.
+====
 
 | Give assignee access to cases
 a| `All` for the *Cases* feature under *{observability}*.
@@ -25,12 +35,10 @@ a| `All` for the *Cases* feature under *{observability}*.
 NOTE: Before a user can be assigned to a case, they must log into {kib} at
 least once, which creates a user profile.
 
-| Give view-only access for cases | `Read` for the *Cases* feature under *{observability}*.
-
-| Give access to view and delete cases
-a| `Read` for the *Cases* feature under *{observability}* with the deletion sub-feature enabled.
+| Give view-only access for cases
+a| `Read` for the *Cases* feature under *{observability}*.
 
-NOTE: These privileges also enable you to delete comments and alerts from a case.
+NOTE: By default, `Read` for the *Cases* feature does not include authority to delete cases or delete alerts and comments from cases. You also cannot view or edit case settings. You can enable these actions by customizing the sub-feature privileges.
 
 | Give access to add alerts to cases
 a|

From e4a3c0ffd065ecd09aa7388a78c3d3632fec4374 Mon Sep 17 00:00:00 2001
From: Lisa Cawley <lcawley@elastic.co>
Date: Wed, 3 Jan 2024 18:05:43 -0800
Subject: [PATCH 2/2] [DOCS] Clarify alert removal authority

---
 docs/en/observability/grant-cases-access.asciidoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/en/observability/grant-cases-access.asciidoc b/docs/en/observability/grant-cases-access.asciidoc
index 1a2876daca..9e104ec9d3 100644
--- a/docs/en/observability/grant-cases-access.asciidoc
+++ b/docs/en/observability/grant-cases-access.asciidoc
@@ -26,7 +26,7 @@ a|
 ====
 Roles without `All` *{connectors-feature}* feature privileges cannot create, add, delete, or modify case connectors.
 
-By default, `All` for the *Cases* feature includes authority to delete cases and comments and edit case settings unless you customize the sub-feature privileges.
+By default, `All` for the *Cases* feature includes authority to delete cases, delete alerts and comments from cases, and edit case settings unless you customize the sub-feature privileges.
 ====
 
 | Give assignee access to cases