elastic · shainaraskas · Apr 16, 2026 · Mar 12, 2026 · Mar 13, 2026 · Mar 13, 2026
diff --git a/deploy-manage/_snippets/cps-bidirectional-note.md b/deploy-manage/_snippets/cps-bidirectional-note.md
@@ -0,0 +1 @@
+Project linking is not bidirectional. Searches initiated from a linked project do **not** run against the origin project. If you need bidirectional search, link the projects twice, in both directions.
@@ -0,0 +1,12 @@
+
+- **Maximum of 20 linked projects:** Each origin project can have up to 20 linked projects. A linked project can be associated with any number of origin projects.
+- **Chaining/transitivity not supported:** If Project A links to Project B, and Project B links to Project C, Project A cannot automatically search Project C. Each link is independent.
+- **Links are unidirectional:** Searches that run from a linked project do **not** run against the origin project. If you need bidirectional search, link the projects twice, in both directions.
+- **System indices are excluded:** System indices (such as `.security` and `.fleet-*`) are excluded from {{cps}}.
+- **Unavailable APIs:** `_transform` and `_fleet_search` requests do not support {{cps-init}}.
+- **Workplace AI projects:** Workplace AI projects are not compatible with {{cps}}.
+- {applies_to}`serverless: preview` **New projects only:** During technical preview, only newly created projects can function as origin projects.
+- {applies_to}`serverless: preview` **ML and transforms:** ML {{anomaly-jobs}} and transforms are not supported in the technical preview. They continue to run on origin project data only.
+
+% - {applies_to}`serverless: preview` **Failure store:**
+% - {applies_to}`serverless: preview` **Project aliases:** During technical preview, you can't edit a project's alias on the **{{cps-cap}}** page.
diff --git a/deploy-manage/_snippets/cps-link-projects-procedure.md b/deploy-manage/_snippets/cps-link-projects-procedure.md
@@ -0,0 +1,13 @@
+To link projects, use the {{cps}} linking wizard in the {{ecloud}} UI:
+
+1. On the home screen, find the project you want to use as the origin project and click **Manage**.
+
+1. Use the sidebar to navigate to the **{{cps-cap}}** page.
+
+1. Click **Link projects**. Browse or search for projects to link to the origin project. Only compatible projects appear in the project list. You can filter by type, cloud provider, region, and tags.
+
+1. Select the checkbox for each project you want to link. You can link up to 20 projects per origin project.
+
+    If a project you expected to link to is missing from the list, it might not be compatible with the origin project.
+
+1. Complete the remaining steps in the wizard to review and save your selections. In the last step, you can click **View API request** to see the equivalent API request for linking to the selected projects.
@@ -0,0 +1,4 @@
+{{cps-cap}} runs across _origin_ and _linked_ projects within your {{ecloud}} organization:
+
+- **Origin project:** The base project where you create links and run cross-project searches.
+- **Linked projects:** The projects you connect to the origin project. Data in the linked projects becomes searchable from the origin project.
@@ -0,0 +1,107 @@
+---
+applies_to:
+  stack: unavailable
+  serverless: preview
+products:
+  - id: cloud-serverless
+navigation_title: "Cross-project search"
+---
+
+# Configure {{cps}} [configure-cross-project-search]
+
+With {{cps}} ({{cps-init}}), users in your organization can search across multiple {{serverless-full}} projects at once, instead of searching each project individually. When your data is split across projects to organize ownership, use cases, or environments, {{cps}} lets you query all the data from a single place. 
+
+{{cps-cap}} is the {{serverless-short}} equivalent of [{{ccs}}](/explore-analyze/cross-cluster-search.md), without requiring an understanding of deployment architecture. Permissions stay consistent across projects, and you can always adjust scope and access as needed.
+
+This section explains how to set up and manage {{cps}} for your organization, including linking projects, managing user access, and refining scope.
+
+* [Link and manage projects](/deploy-manage/cross-project-search-config/cps-config-link-and-manage.md): Link projects in the {{ecloud}} UI, manage linked projects, and unlink projects.
+* [Access and scope](/deploy-manage/cross-project-search-config/cps-config-access-and-scope.md): Manage user access across linked projects and configure the default {{cps}} scope per space.
+* [Impacts and limitations](/deploy-manage/cross-project-search-config/cps-config-impacts-and-limitations.md): Understand how {{cps}} affects alerting, dashboards, and other features, and review current limitations.
+
+These topics cover {{CPS}} configuration and management. For information on _using_ {{cps}}, including syntax and examples, refer to [](/explore-analyze/cross-project-search.md) in **Explore and analyze**.
+
+:::{note}
+{{cps-cap}} is available for {{serverless-full}} projects only. For other deployment types, refer to [{{ccs}}](/explore-analyze/cross-cluster-search.md).
+:::
+
+## Key concepts
+
+::::{include} /deploy-manage/_snippets/cps-origin-linked-definitions.md
+::::
+
+::::{include} /explore-analyze/cross-project-search/_snippets/cps-default-search-behavior.md
+::::
+
+To adjust the default scope, you can [configure the default CPS scope](/deploy-manage/cross-project-search-config/cps-config-access-and-scope.md#cps-default-search-scope) for each space.
+
+For details about project IDs and aliases (used in search expressions), refer to [Project ID and aliases](/explore-analyze/cross-project-search.md#project-id-and-aliases).
+
+## Before you begin [cps-prerequisites]
+
+To configure {{cps}}, make sure you meet these prerequisites:
+
+- You must be an organization owner or project administrator.
+- Your origin and linked projects must be [compatible](#cps-compatibility).
+- For programmatic access, you must use [{{ecloud}} API keys](/deploy-manage/api-keys/elastic-cloud-api-keys.md), **not** project-scoped API keys. {{ecloud}} API keys can authenticate across project boundaries. Project-scoped API keys (such as {{es}} API keys) can't search across project boundaries, so they return origin-only results.
+
+% update wrt UIAM docs (esp links); subscription/licensing?
+% TODO confirm project-scoped API keys silently return origin-only results (no error) (ES API in E&A)
+
+## Projects available for linking [cps-compatibility]
+
+::::{important}
+:applies_to: serverless: preview
+**Origin projects must be new**: During technical preview, only newly created projects can be origin projects for {{cps}}. Existing projects can be _linked_ to an origin project, but they can't serve as origin projects themselves. To get started, create a new {{serverless-short}} project and link it to your existing projects.
+::::
+
+You can link any combination of {{product.elasticsearch}}, {{product.observability}}, and {{product.security}} projects, with the following requirements and limitations:
+
+- {{es}} projects require the **Serverless Plus** add-on.
+- {{sec-serverless}} and {{obs-serverless}} projects require the **Complete** feature tier. Projects on the **Essentials** tier are not compatible with {{cps}}.
+- Workplace AI projects are not compatible with {{cps}}.
+
+Only compatible projects appear in the [{{cps}} linking wizard](/deploy-manage/cross-project-search-config/cps-config-link-and-manage.md#cps-link-projects).
+
+% TODO cf https://github.com/elastic/docs-content/pull/5190
+
+## Plan your {{cps-init}} architecture [cps-arch]
+
+When configuring {{cps}}, consider how the {{cps-init}} architecture (or linking pattern) will affect searches, dashboards, and alerting across your organization. {{cps-cap}} supports three patterns, each with a different level of operational risk.
+
+### Recommended: Overview project [cps-arch-overview]
+
+For most deployments, we recommend creating a dedicated **overview project** that can act as an origin project. You can also think of this as a hub-and-spoke model.
+
+In this architecture, you create a new, empty project and link existing projects to it. You run all cross-project searches and dashboards from the new overview project, while your actual active projects continue to operate independently. The linked ("spoke") projects are not linked to each other. 
+
+![Overview project architecture for cross-project search](images/serverless-cross-project-search-arch.svg)
+
+The overview project becomes a central point for broad searches, dashboards, and investigations, without affecting your existing setup (for example, isolated projects stay isolated).
+
+:::{note}
+If your overview project handles high search volumes, monitor its performance. Even if the project doesn't store data, it uses compute resources to coordinate searches across linked projects.
+:::
+
+### Other supported patterns
+
+The overview project model is strongly recommended and appropriate for most {{cps-init}} configurations. These additional patterns are valid, but they involve additional risk and require careful configuration:
+
+- **Shared data project (N-to-1):** A single project stores data from a shared service (for example, logs). Multiple origin projects link to this central data project. 
+
+    The N-to-1 pattern is often used when several teams need to query shared data independently. The main risk is that linking to a shared data project affects searches, dashboards, and alerts in each origin project. If the shared project is a large, active project, the expanded dataset might cause unexpected behavior. If you're using this pattern, make sure to [manage user access](/deploy-manage/cross-project-search-config/cps-config-access-and-scope.md#manage-user-access) and consider [CPS scope](/deploy-manage/cross-project-search-config/cps-config-access-and-scope.md#cps-search-scope).
+
+- **Data mesh (N-to-N):** Multiple active projects link directly to each other.
+
+    The N-to-N pattern is the most complex and involves the highest risk. After you link projects, all searches, dashboards, and alerting rules in each origin project will query data from every linked project by default, which might make workflows unpredictable. Make sure you check alerting rules, which might be applied to data that the rule was never intended to evaluate.
+
+
+## Using APIs with {{cps-init}} [cps-apis]
+
+You can also link and unlink projects using the {{ecloud}} API. In the linking wizard, click **View API request** on the review step to see the equivalent API call for your current selection.
+
+For information about searching across linked projects using APIs, refer to [{{cps-cap}}](/explore-analyze/cross-project-search.md#cps-supported-apis).
+
+% Parking lot
+% - Tag management / custom tags
+% - Licensing / subscription tier requirements
@@ -0,0 +1,98 @@
+---
+applies_to:
+  stack: unavailable
+  serverless: preview
+products:
+  - id: cloud-serverless
+navigation_title: "Access and scope"
+---
+
+# Manage access and scope for {{cps}} [cps-access-and-scope]
+
+This page explains how user permissions and scope affect {{cps}} ({{cps-init}}) behavior. 
+
+For more details about {{cps-init}} configuration, refer to [](/deploy-manage/cross-project-search-config.md). For information about _using_ {{cps-init}}, refer to [](/explore-analyze/cross-project-search.md).
+
+## Manage user access [manage-user-access]
+
+Access to data in linked projects is determined by the [roles](/deploy-manage/users-roles/cluster-or-deployment-auth/user-roles.md) assigned to the user in each project. Whether a user queries a project directly or through {{cps}}, the same permissions apply.
+
+When a {{cps}} query reaches a linked project, the system verifies the user's identity and evaluates the roles assigned to that user in the linked project. Users can only access resources if their roles permit. This means {{cps}} results can vary by user, depending on each user's role assignments across projects.
+
+For example, if a user has read access to the `logs` index in Project B but not in Project C, a {{cps}} for `logs` returns documents from Project B and silently excludes Project C.
+
+For the full security model, including how authentication and authorization work across projects, refer to [Security](/explore-analyze/cross-project-search.md#security) in **Explore and analyze**.
+
+### Administrator tasks
+
+- Make sure that users who need to search across linked projects have a [role assigned](/deploy-manage/users-roles.md) on each linked project they need to access. Authorization is evaluated on the linked project, without regard to the origin project.
+- If a user reports missing data from a linked project, check their role assignment on that specific linked project first.
+
+% TODO alerting impacts of user role changes 
+
+## Manage {{cps}} scope [cps-search-scope]
+
+### About {{cps-init}} scope   
+
+The {{cps-init}} _scope_ is the set of searchable resources included in a {{cps}}. The scope can be:
+
+- Origin project + all linked projects (default)
+- Origin project + a set of linked projects, as defined by project routing
+- Origin project only
+
+The scope is further restricted by the user's or key's permissions. 
+
+Users can also set the scope on a per-query basis as needed, using [qualified search expressions](/explore-analyze/cross-project-search/cross-project-search-search.md#search-expressions) or [project routing](/explore-analyze/cross-project-search/cross-project-search-project-routing.md).
+
+By default, an unqualified search from an origin project targets the searchable resources in **all** linked projects, plus the searchable resources in the origin project. This default scope is intentionally broad, to provide the best user experience for searching across linked projects. 
+
+:::{important}
+The broad default {{cps-init}} scope can cause unexpected behavior, especially for alerts and dashboards that operate on the new combined dataset of the origin and all linked projects. Make sure to consider the search scope, including the [default {{cps-init}} scope for the space](#cps-default-search-scope), _before_ your users start working with {{cps}}.
+:::
+
+The following actions change the scope of {{cps}}es:
+
+- **Administrator actions:** 
+  - Setting the [default {{cps}} scope for a space](#cps-default-search-scope)
+  - Adjusting [user permissions](#manage-user-access) using roles or API keys (for example, creating {{ecloud}} API keys that span multiple projects)
+- **User actions:**
+  - Using [qualified search expressions](/explore-analyze/cross-project-search/cross-project-search-search.md#search-expressions)
+  - Using [project routing](/explore-analyze/cross-project-search/cross-project-search-project-routing.md)
+
+The scope controls which projects receive the search request, while _filtering_ controls which results are returned by the search.
+
+### Set the default {{cps-init}} scope for a space [cps-default-search-scope]
+
+You can adjust the broad {{cps-init}} default by setting a narrower {{cps}} scope for each space. This setting determines the _default_ search scope for all users in that space. Users can override the default by setting their preferred scope when searching, filtering, or running queries. 
+
+Space settings are managed in {{kib}}. 
+
+1. To open space settings, click **Manage spaces** at the top of the **{{cps-cap}}** page. Select the space you want to configure.  
+
+% ::::{important}
+% If you don't adjust the default search scope, all searches, dashboards
+% visualizations, and alerting rules in the origin project will query data from 
+% **every** linked project.
+% ::::
+
+2. In the general space settings, find the **{{cps-cap}}** panel and set the default scope for the space:
+   - **All projects:** (default) Searches run across the origin project and all linked projects.
+   - **This project:**  Searches run only against the origin project's data.
+
+3. Click **Apply changes** to save the scope setting.
+
+% (not yet) - **Specific projects:** Select individual linked projects to include in the default scope.
+
+::::{note}
+The default {{cps}} scope is a space setting, not an access control. You can also [manage user access](#manage-user-access).
+::::
+
+### How {{cps-init}} scope works in {{kib}}
+
+When processing a search request, {{kib}} applies the most specific scope setting available:
+
+1. **Saved object scope (most specific):** Explicit project routing saved on a specific rule, dashboard panel, or other saved object (for example, `project_routing: _origin`).
+2. **Space-level default:** The default {{cps}} scope that an administrator configures for a space.
+3. **{{cps-init}} default (least specific):** The default broad setting, which searches the origin project and all linked projects.
+
+New dashboards, rules, and saved searches automatically adopt the space's default scope. Existing saved objects that don't have an explicit project routing also follow the space-level default.
diff --git a/deploy-manage/cross-project-search-config/cps-config-impacts-and-limitations.md b/deploy-manage/cross-project-search-config/cps-config-impacts-and-limitations.md
@@ -0,0 +1,32 @@
+---
+applies_to:
+  stack: unavailable
+  serverless: preview
+products:
+  - id: cloud-serverless
+navigation_title: "Impacts and limitations"
+---
+
+# {{cps-cap}} impacts and limitations [cps-impacts-and-limitations]
+
+This page explains how setting up {{cps}} ({{cps-init}}) affects features in the origin project, and lists overall limitations of {{cps-init}}.
+
+For more details about {{cps-init}} configuration, refer to [](/deploy-manage/cross-project-search-config.md). For information about _using_ {{cps-init}}, refer to [](/explore-analyze/cross-project-search.md).
+
+## Feature impacts [cps-feature-impacts]
+
+% TODO billing: {{cps-init}} generates network egress when the origin project queries linked projects. Data transfer fees may apply, especially for cross-region or cross-cloud-provider queries.
+% TODO link to billing docs (D3B) when available. Exact billing SKU may still be TBD.
+
+- **Alerting:** By default, alerting rules in the origin project run against the **combined dataset** of the origin and all linked projects. Alerting rules tuned for a single project's data might produce false positives when they evaluate a larger dataset. This is one reason we recommend using a dedicated [overview project](/deploy-manage/cross-project-search-config.md#cps-arch-overview), so that existing alerting rules on data projects are not affected.
+
+% TODO link to alerting impacts doc when available
+
+- **Dashboards and visualizations:** Existing dashboards and visualizations in the origin project will query all linked projects by default. To control this, set the [default {{cps}} scope](/deploy-manage/cross-project-search-config/cps-config-access-and-scope.md#cps-default-search-scope) for each space, or save explicit project routing on individual dashboard panels.
+
+- **User permissions:** {{cps-cap}} results are filtered by each user's role assignments across projects. Users with different roles will see different results from the same query. Refer to [Manage user access](/deploy-manage/cross-project-search-config/cps-config-access-and-scope.md#manage-user-access).
+
+## Limitations [cps-limitations]
+
+::::{include} /deploy-manage/_snippets/cps-limitations-core.md
+::::
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Project linking is not bidirectional. Searches initiated from a linked project do not run against the origin project. If you need bidirectional search, link the projects twice, in both directions.