Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Cases] Add new sub feature privilege to prevent access to case settings #3504

Merged
merged 2 commits into from
Jan 4, 2024
Merged

[Cases] Add new sub feature privilege to prevent access to case settings #3504

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
716bf99
[Cases] Add new sub feature privilege to prevent access to the cases …
lcawl Jan 4, 2024
e4a3c0f
[DOCS] Clarify alert removal authority
lcawl Jan 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 14 additions & 6 deletions docs/en/observability/grant-cases-access.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,11 @@
[[grant-cases-access]]
= Configure access to cases

:frontmatter-description: Learn about the {kib} feature privileges required to access {observability} cases.
:frontmatter-tags-products: [observability]
:frontmatter-tags-content-type: [how-to]
:frontmatter-tags-user-goals: [configure]

// lint ignore observability
To access and send cases to external systems, you need the {subscriptions}[appropriate license],
and your role must have the *Cases* {kib} privilege as a user for the *{observability}* feature.
Expand All @@ -17,20 +22,23 @@ a|
* `All` for the *Cases* feature under *{observability}*.
* `All` for the *{connectors-feature}* feature under *Management*.

NOTE: Roles without `All` *{connectors-feature}* feature privileges cannot create, add, delete, or modify case connectors.
[NOTE]
====
Roles without `All` *{connectors-feature}* feature privileges cannot create, add, delete, or modify case connectors.

By default, `All` for the *Cases* feature includes authority to delete cases, delete alerts and comments from cases, and edit case settings unless you customize the sub-feature privileges.
====

| Give assignee access to cases
a| `All` for the *Cases* feature under *{observability}*.

NOTE: Before a user can be assigned to a case, they must log into {kib} at
least once, which creates a user profile.

| Give view-only access for cases | `Read` for the *Cases* feature under *{observability}*.

| Give access to view and delete cases
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Give access to view and delete cases

... I deleted this row but if you prefer to keep it separated this way, we'd need to create another new row and cover the "Give access to view cases and edit case settings" scenario.

a| `Read` for the *Cases* feature under *{observability}* with the deletion sub-feature enabled.
| Give view-only access for cases
a| `Read` for the *Cases* feature under *{observability}*.

NOTE: These privileges also enable you to delete comments and alerts from a case.
NOTE: By default, `Read` for the *Cases* feature does not include authority to delete cases or delete alerts and comments from cases. You also cannot view or edit case settings. You can enable these actions by customizing the sub-feature privileges.

| Give access to add alerts to cases
a|
Expand Down
Loading