From 0d18da31fceaff6c5c7dcd8c1632b340ca17b332 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gerg=C5=91=20=C3=81brah=C3=A1m?= Date: Wed, 25 Jun 2025 17:50:50 +0200 Subject: [PATCH 1/3] fix role migration --- .../product_features/security_product_features_config.ts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/security_product_features_config.ts b/x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/security_product_features_config.ts index 91c8fb966f944..582afb226676a 100644 --- a/x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/security_product_features_config.ts +++ b/x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/security_product_features_config.ts @@ -93,6 +93,10 @@ const securityProductFeaturesConfig: Record< // Users who have been able to write ANY Artifact before are now granted with this privilege to keep existing behavior. // This migration is for Endpoint Exceptions artifact in Serverless offering, as it included in Security:ALL privilege. 'global_artifact_management_all', + + // As we are switching from `all` to `minimal_all`, Endpoint Exceptions is needed to be added, as it was included in `all`, + // but not in `minimal_all`. + 'endpoint_exceptions_all', ], }; } From 5522173f899703711dcf1735bc6d9005a821f944 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gerg=C5=91=20=C3=81brah=C3=A1m?= Date: Wed, 25 Jun 2025 17:57:08 +0200 Subject: [PATCH 2/3] update migration test --- .../siem_v3_global_artifact_management.ts | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/role_migrations/trial_license_complete_tier/siem_v3_global_artifact_management.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/role_migrations/trial_license_complete_tier/siem_v3_global_artifact_management.ts index 550e048258e6c..453eeb0f44a57 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/role_migrations/trial_license_complete_tier/siem_v3_global_artifact_management.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/role_migrations/trial_license_complete_tier/siem_v3_global_artifact_management.ts @@ -133,16 +133,29 @@ export default function ({ getService }: FtrProviderContext) { describe(`${deprecatedSiem}:ALL`, () => { // siem:ALL includes Endpoint Exceptions both on ESS and Serverless - it('should add global_artifact_management:ALL', async () => { + it('@skipInServerless should add global_artifact_management:ALL on ESS', async () => { await putDeprecatedSiemPrivilegesInRole(['all']); expect(await getMigratedSiemFeaturesFromRole()).to.eql([ // sub-features toggle enabled to show Global Artifact Management 'minimal_all', - // Endpoint exceptions are tied to siem:ALL, hence the global_artifact_management_all + // Endpoint exceptions are tied to siem:ALL, hence the global_artifact_management_all to keep behaviour 'global_artifact_management_all', ]); }); + + it('@skipInEss should add global_artifact_management:ALL and endpoint_exceptions:ALL on serverless', async () => { + await putDeprecatedSiemPrivilegesInRole(['all']); + + expect(await getMigratedSiemFeaturesFromRole()).to.eql([ + // sub-features toggle enabled to show Global Artifact Management + 'minimal_all', + // Endpoint exceptions are tied to siem:ALL, hence the global_artifact_management_all to keep behaviour + 'global_artifact_management_all', + // Enpdoint Exceptions were included in siem:ALL, so we need to include them in siem:MINIMAL_ALL + 'endpoint_exceptions_all', + ]); + }); }); describe(`${deprecatedSiem}:MINIMAL_ALL`, () => { From 105ffd8f1a417fdade6f5a59bf16d1cb5bcbeedb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gerg=C5=91=20=C3=81brah=C3=A1m?= Date: Wed, 25 Jun 2025 17:57:19 +0200 Subject: [PATCH 3/3] update snapshot test --- .../test_suites/security/platform_security/authorization.ts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts index 2db438f8dc20e..3b27e36d1a7c1 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts @@ -1085,6 +1085,8 @@ export default function ({ getService }: FtrProviderContext) { "ui:siemV3/investigation-guide-interactions", "ui:siemV3/threat-intelligence", "ui:siemV3/writeGlobalArtifacts", + "ui:siemV3/showEndpointExceptions", + "ui:siemV3/crudEndpointExceptions", ], "blocklist_all": Array [ "login:", @@ -3737,6 +3739,8 @@ export default function ({ getService }: FtrProviderContext) { "ui:siemV3/investigation-guide-interactions", "ui:siemV3/threat-intelligence", "ui:siemV3/writeGlobalArtifacts", + "ui:siemV3/showEndpointExceptions", + "ui:siemV3/crudEndpointExceptions", ], "blocklist_all": Array [ "login:",