diff --git a/x-pack/platform/plugins/private/translations/translations/fr-FR.json b/x-pack/platform/plugins/private/translations/translations/fr-FR.json index 2c534b280dad8..45f96ebcf8e64 100644 --- a/x-pack/platform/plugins/private/translations/translations/fr-FR.json +++ b/x-pack/platform/plugins/private/translations/translations/fr-FR.json @@ -39476,7 +39476,6 @@ "xpack.securitySolution.entityAnalytics.riskDashboard.noEntity.riskLevelTitle": "Niveau de risque", "xpack.securitySolution.entityAnalytics.riskDashboard.riskLevelTitle": "Score de risque de {riskEntity}", "xpack.securitySolution.entityAnalytics.riskDashboard.viewAllLabel": "Afficher tout", - "xpack.securitySolution.entityAnalytics.riskEngine.missingClusterPrivilege": "Privilèges de cluster manquants : {privileges}.", "xpack.securitySolution.entityAnalytics.riskEngine.missingIndexPrivilege": "Privilèges d'index manquants pour l'index \"{indexName}\" : {privileges}.", "xpack.securitySolution.entityAnalytics.riskEngine.unauthorized": "L'utilisateur ne dispose pas des privilèges requis pour modifier le moteur de risque.", "xpack.securitySolution.entityAnalytics.riskScore.chart.totalLabel": "Total", diff --git a/x-pack/platform/plugins/private/translations/translations/ja-JP.json b/x-pack/platform/plugins/private/translations/translations/ja-JP.json index 09b5a0167dd43..447b1da3a5373 100644 --- a/x-pack/platform/plugins/private/translations/translations/ja-JP.json +++ b/x-pack/platform/plugins/private/translations/translations/ja-JP.json 
@@ -39445,7 +39445,6 @@ "xpack.securitySolution.entityAnalytics.riskDashboard.noEntity.riskLevelTitle": "リスクレベル", "xpack.securitySolution.entityAnalytics.riskDashboard.riskLevelTitle": "{riskEntity}リスクレベル", "xpack.securitySolution.entityAnalytics.riskDashboard.viewAllLabel": "すべて表示", - "xpack.securitySolution.entityAnalytics.riskEngine.missingClusterPrivilege": "クラスター権限が不足しています:{privileges}。", "xpack.securitySolution.entityAnalytics.riskEngine.missingIndexPrivilege": "インデックス\"{indexName}\"のインデックス権限が不足しています:{privileges}。", "xpack.securitySolution.entityAnalytics.riskEngine.unauthorized": "ユーザーにはリスクエンジン権限がありません。", "xpack.securitySolution.entityAnalytics.riskScore.chart.totalLabel": "合計", diff --git a/x-pack/platform/plugins/private/translations/translations/zh-CN.json b/x-pack/platform/plugins/private/translations/translations/zh-CN.json index a5c32886560ce..9e51d4b290839 100644 --- a/x-pack/platform/plugins/private/translations/translations/zh-CN.json +++ b/x-pack/platform/plugins/private/translations/translations/zh-CN.json @@ -39510,7 +39510,6 @@ "xpack.securitySolution.entityAnalytics.riskDashboard.noEntity.riskLevelTitle": "风险级别", "xpack.securitySolution.entityAnalytics.riskDashboard.riskLevelTitle": "{riskEntity} 风险级别", "xpack.securitySolution.entityAnalytics.riskDashboard.viewAllLabel": "查看全部", - "xpack.securitySolution.entityAnalytics.riskEngine.missingClusterPrivilege": "缺少集群权限:{privileges}。", "xpack.securitySolution.entityAnalytics.riskEngine.missingIndexPrivilege": "缺少索引“{indexName}”的索引权限:{privileges}。", "xpack.securitySolution.entityAnalytics.riskEngine.unauthorized": "用户缺少风险引擎权限。", "xpack.securitySolution.entityAnalytics.riskScore.chart.totalLabel": "合计", diff --git a/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/constants.ts b/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/constants.ts index 775a4e072c5e9..6d4b936dcfec1 100644 
--- a/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/constants.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/constants.ts @@ -23,7 +23,11 @@ export const RISK_ENGINE_CONFIGURE_SO_URL = type ClusterPrivilege = 'manage_index_templates' | 'manage_transform' | 'manage_ingest_pipelines'; // These are the required privileges to install the risk engine - enabling and running require less privileges // However, we check the full set for simplicity, since the UI does not distinguish between installing and enabling -export const RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES = [ +export const TO_RUN_RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES = [ + 'manage_transform', +] as ClusterPrivilege[]; + +export const TO_ENABLE_RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES = [ 'manage_index_templates', 'manage_transform', 'manage_ingest_pipelines', diff --git a/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/privileges.test.ts b/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/privileges.test.ts index 34048149a7c58..a3a20f4c7f560 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/privileges.test.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/privileges.test.ts @@ -29,7 +29,10 @@ describe('getMissingRiskEnginePrivileges', () => { const missingPrivileges = getMissingRiskEnginePrivileges(noClusterPrivileges); expect(missingPrivileges).toEqual({ - clusterPrivileges: ['manage_index_templates', 'manage_transform', 'manage_ingest_pipelines'], + clusterPrivileges: { + enable: ['manage_index_templates', 'manage_transform', 'manage_ingest_pipelines'], + run: ['manage_transform'], + }, indexPrivileges: [], }); }); 
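Review bot: The two context comment lines directly above the new constants are now wrong: they say the full set is checked "for simplicity, since the UI does not distinguish between installing and enabling", yet this hunk introduces exactly that distinction and the management page and the `schedule_now` route consume it. Replace them with one comment per list that states its contract, e.g. `// Cluster privileges needed to schedule a run; a subset of the enable set, used by the 'run' route check` above `TO_RUN_RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES` and `// Full set needed to install/enable the engine; the /privileges route and the default route check use this` above `TO_ENABLE_RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES`. It is worth stating explicitly that run is a subset of enable, because `getMissingRiskEnginePrivileges` only yields a correct `run` list when the response it receives was produced by the enable check.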
@@ -54,7 +57,7 @@ describe('getMissingRiskEnginePrivileges', () => { const missingPrivileges = getMissingRiskEnginePrivileges(noIndexPrivileges); expect(missingPrivileges).toEqual({ - clusterPrivileges: [], + clusterPrivileges: { enable: [], run: [] }, indexPrivileges: [['risk-score.risk-score-*', ['read', 'write']]], }); }); diff --git a/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/privileges.ts b/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/privileges.ts index b03b9e2921325..1d3c726e9a958 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/privileges.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/privileges.ts @@ -9,11 +9,15 @@ import type { NonEmptyArray } from 'fp-ts/NonEmptyArray'; import type { EntityAnalyticsPrivileges } from '../../api/entity_analytics'; import type { RiskEngineIndexPrivilege } from './constants'; import { - RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES, + TO_ENABLE_RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES, + TO_RUN_RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES, RISK_ENGINE_REQUIRED_ES_INDEX_PRIVILEGES, } from './constants'; -export type MissingClusterPrivileges = string[]; +export interface MissingClusterPrivileges { + enable: string[]; + run: string[]; +} export type MissingIndexPrivileges = Array; export interface MissingPrivileges { 
@@ -54,12 +58,20 @@ export const getMissingRiskEnginePrivileges = ( privileges.elasticsearch.index, required ); - const missingClusterPrivileges = RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES.filter( - (privilege) => !privileges.elasticsearch.cluster?.[privilege] - ); + const missingClusterPrivilegesToEnableEngine = + TO_ENABLE_RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES.filter( + (privilege) => !privileges.elasticsearch.cluster?.[privilege] + ); + const missingClusterPrivilegesToRunEngine = + TO_RUN_RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES.filter( + (privilege) => !privileges.elasticsearch.cluster?.[privilege] + ); return { indexPrivileges: missingIndexPrivileges, - clusterPrivileges: missingClusterPrivileges, + clusterPrivileges: { + enable: missingClusterPrivilegesToEnableEngine, + run: missingClusterPrivilegesToRunEngine, + }, }; }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/common/user_has_risk_engine_read_permissions.test.ts b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/common/user_has_risk_engine_read_permissions.test.ts index 6425b68175935..55146abde1776 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/common/user_has_risk_engine_read_permissions.test.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/common/user_has_risk_engine_read_permissions.test.ts @@ -22,7 +22,7 @@ describe('userHasRiskEngineReadPermissions', () => { isLoading: false, hasAllRequiredPrivileges: false, missingPrivileges: { - clusterPrivileges: [], + clusterPrivileges: { enable: ['N/A'], run: ['N/A'] }, indexPrivileges: [['risk-score.risk-score-*', ['read']]], }, }) 
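Review bot: Both new filters treat a privilege key that is absent from `privileges.elasticsearch.cluster` exactly like one that was checked and denied, so the result is only meaningful when the response came from the enable check, which asks for all three cluster privileges plus the index privileges. The new run check asks for `manage_transform` only with `index: {}`; if its response is ever passed through here (the 403 path of `withRiskEnginePrivilegeCheck('run', …)` appears to do that), `manage_index_templates`, `manage_ingest_pipelines` and the risk-score index privileges will be reported as missing even though they were never evaluated. Absent-means-missing is the fail-closed choice for the UI gate, so I would not relax the comparison; document the precondition instead: `// Expects a response from the enable (superset) check; a privilege that was not evaluated is reported as missing on purpose.` The start of `getMissingRiskEnginePrivileges` lies outside this hunk.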
@@ -35,7 +35,7 @@ describe('userHasRiskEngineReadPermissions', () => { isLoading: false, hasAllRequiredPrivileges: false, missingPrivileges: { - clusterPrivileges: [], + clusterPrivileges: { enable: ['N/A'], run: ['N/A'] }, indexPrivileges: [['other-index.other-index-*', ['read']]], }, }) @@ -48,7 +48,7 @@ describe('userHasRiskEngineReadPermissions', () => { isLoading: false, hasAllRequiredPrivileges: false, missingPrivileges: { - clusterPrivileges: [], + clusterPrivileges: { enable: ['N/A'], run: ['N/A'] }, indexPrivileges: [['risk-score.risk-score-*', ['write']]], }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_store/components/enablement_modal.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_store/components/enablement_modal.test.tsx index 4537fdb81dceb..b479d854a423e 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_store/components/enablement_modal.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_store/components/enablement_modal.test.tsx @@ -83,7 +83,7 @@ const missingRiskEnginePrivileges: RiskEngineMissingPrivilegesResponse = { isLoading: false, hasAllRequiredPrivileges: false, missingPrivileges: { - clusterPrivileges: [], + clusterPrivileges: { enable: [], run: [] }, indexPrivileges: [], }, }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/risk_engine_privileges_callout/translations.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/risk_engine_privileges_callout/translations.tsx index d7e45c0ff80f3..f6bf05f9c01c5 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/risk_engine_privileges_callout/translations.tsx 
+++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/risk_engine_privileges_callout/translations.tsx @@ -66,20 +66,36 @@ export const MissingPrivilegesCallOutBody: React.FC = ({ ) : null, - clusterPrivileges: - clusterPrivileges.length > 0 ? ( - <> - -
    - {clusterPrivileges.map((privilege) => ( -
  • {privilege}
  • - ))} -
- - ) : null, + clusterPrivileges: ( + <> + {clusterPrivileges.enable.length > 0 && ( + <> + +
    + {clusterPrivileges.enable.map((privilege) => ( +
  • {privilege}
  • + ))} +
+ + )} + {clusterPrivileges.run.length > 0 && ( + <> + +
    + {clusterPrivileges.run.map((privilege) => ( +
  • {privilege}
  • + ))} +
+ + )} + + ), }} /> ); diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/hooks/use_missing_risk_engine_privileges.ts b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/hooks/use_missing_risk_engine_privileges.ts index f9a07684bbb9c..d80944e3ff55b 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/hooks/use_missing_risk_engine_privileges.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/hooks/use_missing_risk_engine_privileges.ts @@ -40,13 +40,6 @@ export const useMissingRiskEnginePrivileges = ( }; } - if (privilegesResponse.has_all_required) { - return { - isLoading: false, - hasAllRequiredPrivileges: true, - }; - } - const requiredIndexPrivileges: NonEmptyArray = readonly ? ['read'] : ['read', 'write']; @@ -60,7 +53,7 @@ export const useMissingRiskEnginePrivileges = ( // Here we check if there are no missing privileges of the provided set of required privileges if ( indexPrivileges.every(([_, missingPrivileges]) => missingPrivileges.length === 0) && - (readonly || clusterPrivileges.length === 0) // cluster privileges check is required for write operations + (readonly || (clusterPrivileges.run.length === 0 && clusterPrivileges.enable.length === 0)) // cluster privileges check is required for write operations ) { return { isLoading: false, @@ -73,7 +66,7 @@ export const useMissingRiskEnginePrivileges = ( hasAllRequiredPrivileges: false, missingPrivileges: { indexPrivileges, - clusterPrivileges: readonly ? [] : clusterPrivileges, // cluster privileges are not required for readonly + clusterPrivileges: readonly ? { enable: [], run: [] } : clusterPrivileges, // cluster privileges are not required for readonly }, }; }, [isLoading, privilegesResponse, readonly]); 
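Review bot: In the `readonly` branch the hook now returns `clusterPrivileges: { enable: [], run: [] }`, which is indistinguishable from "the user holds every cluster privilege" for any consumer that derives a capability from `run.length === 0` instead of from `hasAllRequiredPrivileges`. This is UI-only (the `schedule_now` route still runs the `'run'` check server-side), but it can render an enabled control that then fails with 403. Add `// readonly: cluster privileges are not evaluated; callers must not infer run/enable capability from these empty lists` on that line, or keep the real lists and apply the readonly relaxation only to `hasAllRequiredPrivileges`. Dropping the early `has_all_required` return looks safe, since the same answer now falls out of the index/cluster comparison below it; the enclosing `useMemo` starts outside this hunk.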
diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/pages/entity_analytics_management_page.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/pages/entity_analytics_management_page.tsx index cfebfa6bcfa82..bd1b9854fed1c 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/pages/entity_analytics_management_page.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/pages/entity_analytics_management_page.tsx @@ -49,12 +49,17 @@ export const EntityAnalyticsManagementPage = () => { const [isLoading, setIsLoading] = useState(false); const { mutate: scheduleNowRiskEngine } = useScheduleNowRiskEngineMutation(); const { addSuccess, addError } = useAppToasts(); + const userCanRunEngine = + (!privileges.isLoading && + (privileges.hasAllRequiredPrivileges || + (!privileges.hasAllRequiredPrivileges && + privileges.missingPrivileges?.clusterPrivileges?.run?.length === 0))) || + false; const handleRunEngineClick = async () => { setIsLoading(true); try { scheduleNowRiskEngine(); - if (!isLoading) { addSuccess(i18n.RISK_SCORE_ENGINE_RUN_SUCCESS, { toastLifeTimeMs: 5000 }); } @@ -71,6 +76,9 @@ export const EntityAnalyticsManagementPage = () => { const isRunning = status === 'running' || (!!runAt && new Date(runAt) < new Date()); + const runEngineBtnIsDisabled = + !currentRiskEngineStatus || isLoading || !userCanRunEngine || isRunning; + const formatTimeFromNow = (time: string | undefined): string => { if (!time) { return ''; @@ -103,6 +111,7 @@ export const EntityAnalyticsManagementPage = () => { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/risk_engine_privileges.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/risk_engine_privileges.test.ts index d8cc305a29b77..394a5a241cf1d 100644 
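Review bot: The removed `if (!isLoading)` guard was effectively dead (the closure still saw the value from before `setIsLoading(true)`), so dropping it is correct, but it leaves the underlying problem in `handleRunEngineClick`: `scheduleNowRiskEngine()` is a fire-and-forget `mutate`, so `addSuccess` is shown before the request completes and a caller rejected with 403 still gets the success toast unless the mutation's own `onError`, which is not visible here, covers it. Either await the result (if the hook exposes `mutateAsync`) before toasting, or move the toast into the mutation's `onSuccess`. `userCanRunEngine` is only a client-side gate (the route enforces `'run'` itself) and can be simplified without changing its value to `const userCanRunEngine = !privileges.isLoading && (privileges.hasAllRequiredPrivileges || privileges.missingPrivileges?.clusterPrivileges.run.length === 0);` — the inner `!privileges.hasAllRequiredPrivileges` is implied by the `||` and `|| false` is a no-op on a boolean. `EntityAnalyticsManagementPage` starts and ends outside this hunk.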
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/risk_engine_privileges.test.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/risk_engine_privileges.test.ts @@ -32,7 +32,7 @@ describe('_getMissingPrivilegesMessage', () => { const result = _getMissingPrivilegesMessage(noClusterPrivileges); expect(result).toMatchInlineSnapshot( - `"User is missing risk engine privileges. Missing cluster privileges: manage_index_templates, manage_transform, manage_ingest_pipelines."` + `"User is missing risk engine privileges. Missing cluster privileges to run the risk engine: manage_transform. Missing cluster privileges to enable the risk engine: manage_index_templates, manage_transform, manage_ingest_pipelines."` ); }); @@ -59,7 +59,7 @@ describe('_getMissingPrivilegesMessage', () => { const result = _getMissingPrivilegesMessage(noIndexPrivileges); expect(result).toMatchInlineSnapshot( - `"User is missing risk engine privileges. Missing index privileges for index \\"risk-score.risk-score-*\\": read, write. "` + `"User is missing risk engine privileges. Missing index privileges for index \\"risk-score.risk-score-*\\": read, write. "` ); }); @@ -86,7 +86,7 @@ describe('_getMissingPrivilegesMessage', () => { const result = _getMissingPrivilegesMessage(noClusterOrIndexPrivileges); expect(result).toMatchInlineSnapshot( - `"User is missing risk engine privileges. Missing index privileges for index \\"risk-score.risk-score-*\\": read, write. Missing cluster privileges: manage_index_templates, manage_transform, manage_ingest_pipelines."` + `"User is missing risk engine privileges. Missing index privileges for index \\"risk-score.risk-score-*\\": read, write. Missing cluster privileges to run the risk engine: manage_transform. Missing cluster privileges to enable the risk engine: manage_index_templates, manage_transform, manage_ingest_pipelines."` ); }); }); 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/risk_engine_privileges.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/risk_engine_privileges.ts index 56f6fb80fe859..eba5cc7a50201 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/risk_engine_privileges.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/risk_engine_privileges.ts @@ -18,13 +18,14 @@ import type { EntityAnalyticsPrivileges } from '../../../../common/api/entity_an import type { SecuritySolutionPluginStartDependencies } from '../../../plugin_contract'; import type { SecuritySolutionRequestHandlerContext } from '../../../types'; import { - RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES, + TO_RUN_RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES, + TO_ENABLE_RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES, RISK_ENGINE_REQUIRED_ES_INDEX_PRIVILEGES, getMissingRiskEnginePrivileges, } from '../../../../common/entity_analytics/risk_engine'; import { checkAndFormatPrivileges } from '../utils/check_and_format_privileges'; -export const getUserRiskEnginePrivileges = async ( +export const getRunRiskEnginePrivileges = async ( request: KibanaRequest, security: SecurityPluginStart ) => { @@ -33,7 +34,23 @@ export const getUserRiskEnginePrivileges = async ( security, privilegesToCheck: { elasticsearch: { - cluster: RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES, + cluster: TO_RUN_RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES, + index: {}, + }, + }, + }); +}; + +export const getEnableRiskEnginePrivileges = async ( + request: KibanaRequest, + security: SecurityPluginStart +) => { + return checkAndFormatPrivileges({ + request, + security, + privilegesToCheck: { + elasticsearch: { + cluster: TO_ENABLE_RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES, index: RISK_ENGINE_REQUIRED_ES_INDEX_PRIVILEGES, }, }, 
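Review bot: `getRunRiskEnginePrivileges` checks `manage_transform` only and passes `index: {}`, so a caller of the `schedule_now` route no longer needs read/write on the risk-score indices; that is a deliberate relaxation of that route's authorization and deserves a justification in code, not just in the constant's name. It is fine if the scheduled run writes under Kibana's own credentials, but if any part of the run uses the requesting user's client the index privileges belong here too — this diff does not show which. Add above the function: `// Scheduling a run only needs manage_transform; the run itself does not use the caller's index privileges — confirm against the task runner`, or pass `index: RISK_ENGINE_REQUIRED_ES_INDEX_PRIVILEGES` if that assumption does not hold. `getEnableRiskEnginePrivileges` is a straight rename of the previous check and needs no change.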
@@ -57,14 +74,29 @@ export const _getMissingPrivilegesMessage = (riskEnginePrivileges: EntityAnalyti ) .join('\n'); - const clusterPrivilegesMessage = !clusterPrivileges.length + const clusterRunPrivilegesMessage = !clusterPrivileges.run.length ? '' - : i18n.translate('xpack.securitySolution.entityAnalytics.riskEngine.missingClusterPrivilege', { - defaultMessage: 'Missing cluster privileges: {privileges}.', - values: { - privileges: clusterPrivileges.join(', '), - }, - }); + : i18n.translate( + 'xpack.securitySolution.entityAnalytics.riskEngine.missingClusterRunPrivilege', + { + defaultMessage: 'Missing cluster privileges to run the risk engine: {privileges}.', + values: { + privileges: clusterPrivileges.run.join(', '), + }, + } + ); + + const clusterEnablePrivilegesMessage = !clusterPrivileges.enable.length + ? '' + : i18n.translate( + 'xpack.securitySolution.entityAnalytics.riskEngine.missingClusterEnablePrivilege', + { + defaultMessage: 'Missing cluster privileges to enable the risk engine: {privileges}.', + values: { + privileges: clusterPrivileges.enable.join(', '), + }, + } + ); const unauthorizedMessage = i18n.translate( 'xpack.securitySolution.entityAnalytics.riskEngine.unauthorized', @@ -73,7 +105,7 @@ export const _getMissingPrivilegesMessage = (riskEnginePrivileges: EntityAnalyti } ); - return `${unauthorizedMessage} ${indexPrivilegesMessage} ${clusterPrivilegesMessage}`; + return `${unauthorizedMessage} ${indexPrivilegesMessage} ${clusterRunPrivilegesMessage} ${clusterEnablePrivilegesMessage}`; }; /** 
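Review bot: The final template joins four fragments with fixed single spaces regardless of which are empty, so the 403 body now carries double or trailing spaces (the updated snapshots on the test hunks show `read, write. ` with trailing whitespace), and because `manage_transform` belongs to both sets it is listed twice in the same sentence. One line fixes the spacing without changing the content: `return [unauthorizedMessage, indexPrivilegesMessage, clusterRunPrivilegesMessage, clusterEnablePrivilegesMessage].filter(Boolean).join(' ');` (the inline snapshots would then need regenerating). The head of `_getMissingPrivilegesMessage` is outside this hunk.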
@@ -83,20 +115,62 @@ export const _getMissingPrivilegesMessage = (riskEnginePrivileges: EntityAnalyti * @param handler - The route handler to wrap **/ export const withRiskEnginePrivilegeCheck = ( - getStartServices: StartServicesAccessor, - handler: ( + privilegeTypeOrServices: + | 'run' + | 'enable' + | StartServicesAccessor, + handlerOrServices: + | (( + context: SecuritySolutionRequestHandlerContext, + request: KibanaRequest, + response: KibanaResponseFactory + ) => Promise) + | StartServicesAccessor, + optionalHandler?: ( context: SecuritySolutionRequestHandlerContext, request: KibanaRequest, response: KibanaResponseFactory ) => Promise ) => { + // Determine if privilegeType is provided or if it's the default case + let privilegeType: 'run' | 'enable' = 'enable'; + let getStartServices: StartServicesAccessor; + let handler: ( + context: SecuritySolutionRequestHandlerContext, + request: KibanaRequest, + response: KibanaResponseFactory + ) => Promise; + + if (typeof privilegeTypeOrServices === 'string') { + // First parameter is the privilegeType + privilegeType = privilegeTypeOrServices; + getStartServices = handlerOrServices as StartServicesAccessor< + SecuritySolutionPluginStartDependencies, + unknown + >; + if (optionalHandler === undefined) { + throw new Error('Handler is required when using privilege type parameter'); + } + handler = optionalHandler; + } else { + // First parameter is getStartServices, privilegeType is default 'enable' + getStartServices = privilegeTypeOrServices; + handler = handlerOrServices as ( + context: SecuritySolutionRequestHandlerContext, + request: KibanaRequest, + response: KibanaResponseFactory + ) => Promise; + } + return async ( context: SecuritySolutionRequestHandlerContext, request: KibanaRequest, response: KibanaResponseFactory ) => { const [_, { security }] = await getStartServices(); - const privileges = await getUserRiskEnginePrivileges(request, security); + const privilegeCheckFn = + privilegeType === 'run' ? 
getRunRiskEnginePrivileges : getEnableRiskEnginePrivileges; + const privileges = await privilegeCheckFn(request, security); if (!privileges.has_all_required) { const siemResponse = buildSiemResponse(response); return siemResponse.error({ diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.test.ts index 29e43de5d8fb7..14c8515ffeaea 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.test.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.test.ts @@ -178,7 +178,7 @@ describe('risk engine cleanup route', () => { expect(response.status).toBe(403); expect(response.body).toEqual({ message: - 'User is missing risk engine privileges. Missing cluster privileges: manage_index_templates, manage_transform, manage_ingest_pipelines.', + 'User is missing risk engine privileges. Missing cluster privileges to run the risk engine: manage_transform. Missing cluster privileges to enable the risk engine: manage_index_templates, manage_transform, manage_ingest_pipelines.', status_code: 403, }); }); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/privileges.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/privileges.ts index 307da6980da50..600f78770b03a 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/privileges.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/privileges.ts 
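Review bot: The JSDoc `@param handler - The route handler to wrap` above `withRiskEnginePrivilegeCheck` is now incomplete: the wrapper accepts an optional leading `'run' | 'enable'` and silently defaults to `'enable'`, which is the right fail-closed default but is undocumented. Add `@param privilegeType - 'run' checks only the cluster privileges needed to schedule a run; 'enable' (the default when omitted) checks the full install/enable set`. The union-typed parameters, the two `as` casts and the registration-time `throw new Error('Handler is required when using privilege type parameter')` would be cleaner as two TypeScript overload signatures over one implementation, `(getStartServices, handler)` and `(privilegeType, getStartServices, handler)`, which turns the missing-handler case into a compile error. The wrapped handler continues past the end of this hunk.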
@@ -14,7 +14,7 @@ import { AUDIT_CATEGORY, AUDIT_OUTCOME, AUDIT_TYPE } from '../../audit'; import { RiskScoreAuditActions } from '../../risk_score/audit'; import type { EntityAnalyticsRoutesDeps } from '../../types'; -import { getUserRiskEnginePrivileges } from '../risk_engine_privileges'; +import { getEnableRiskEnginePrivileges } from '../risk_engine_privileges'; export const riskEnginePrivilegesRoute = ( router: EntityAnalyticsRoutesDeps['router'], @@ -41,7 +41,7 @@ export const riskEnginePrivilegesRoute = ( const [_, { security }] = await getStartServices(); const securitySolution = await context.securitySolution; - const body = await getUserRiskEnginePrivileges(request, security); + const body = await getEnableRiskEnginePrivileges(request, security); securitySolution.getAuditLogger()?.log({ message: 'User checked if they have the required privileges to configure the risk engine', diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/schedule_now.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/schedule_now.ts index 99ec60b281293..207266a48e575 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/schedule_now.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/schedule_now.ts @@ -35,7 +35,7 @@ export const riskEngineScheduleNowRoute = ( }) .addVersion( { version: API_VERSIONS.public.v1, validate: {} }, - withRiskEnginePrivilegeCheck(getStartServices, async (context, request, response) => { + withRiskEnginePrivilegeCheck('run', getStartServices, async (context, request, response) => { const securitySolution = await context.securitySolution; securitySolution.getAuditLogger()?.log({