diff --git a/x-pack/solutions/security/packages/features/privileges.ts b/x-pack/solutions/security/packages/features/privileges.ts deleted file mode 100644 index 5cfe7b2d58d3b..0000000000000 --- a/x-pack/solutions/security/packages/features/privileges.ts +++ /dev/null @@ -1,10 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -export { - ProductFeaturesPrivilegeId, - ProductFeaturesPrivileges, -} from './src/product_features_privileges'; diff --git a/x-pack/solutions/security/packages/features/src/product_features_privileges.ts b/x-pack/solutions/security/packages/features/src/product_features_privileges.ts deleted file mode 100644 index 22b4e858e4a55..0000000000000 --- a/x-pack/solutions/security/packages/features/src/product_features_privileges.ts +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { APP_ID } from './constants'; - -export enum ProductFeaturesPrivilegeId { - endpointExceptions = 'endpoint_exceptions', -} - -/** - * This is the mapping of the privileges that are registered - * using a different Kibana feature configuration (sub-feature, main feature privilege, etc) - * in each offering type (ess, serverless) - */ -export const ProductFeaturesPrivileges = { - [ProductFeaturesPrivilegeId.endpointExceptions]: { - all: { - ui: ['showEndpointExceptions', 'crudEndpointExceptions'], - api: [`${APP_ID}-showEndpointExceptions`, `${APP_ID}-crudEndpointExceptions`], - }, - read: { - ui: ['showEndpointExceptions'], - api: [`${APP_ID}-showEndpointExceptions`], - }, - }, -}; diff --git a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts index 31f24b670752a..970078c392830 100644 --- a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts @@ -8,10 +8,6 @@ import { i18n } from '@kbn/i18n'; import type { SubFeatureConfig } from '@kbn/features-plugin/common'; import { EXCEPTION_LIST_NAMESPACE_AGNOSTIC } from '@kbn/securitysolution-list-constants'; -import { - ProductFeaturesPrivilegeId, - ProductFeaturesPrivileges, -} from '../../product_features_privileges'; import { SecuritySubFeatureId } from '../../product_features_keys'; import { APP_ID, SECURITY_FEATURE_ID_V3 } from '../../constants'; @@ -115,6 +111,7 @@ const trustedApplicationsSubFeature = (): SubFeatureConfig => ({ 'lists-summary', `${APP_ID}-writeTrustedApplications`, `${APP_ID}-readTrustedApplications`, + `${APP_ID}-writeGlobalArtifacts`, ], id: 'trusted_applications_all', includeIn: 'none', @@ -187,6 +184,7 @@ const hostIsolationExceptionsBasicSubFeature = (): SubFeatureConfig => ({ 'lists-summary', `${APP_ID}-deleteHostIsolationExceptions`, `${APP_ID}-readHostIsolationExceptions`, + `${APP_ID}-writeGlobalArtifacts`, ], id: 'host_isolation_exceptions_all', includeIn: 'none', @@ -256,6 +254,7 @@ const blocklistSubFeature = (): SubFeatureConfig => ({ 'lists-summary', `${APP_ID}-writeBlocklist`, `${APP_ID}-readBlocklist`, + `${APP_ID}-writeGlobalArtifacts`, ], id: 'blocklist_all', includeIn: 'none', @@ -326,6 +325,7 @@ const eventFiltersSubFeature = (): SubFeatureConfig => ({ 'lists-summary', `${APP_ID}-writeEventFilters`, `${APP_ID}-readEventFilters`, + `${APP_ID}-writeGlobalArtifacts`, ], id: 'event_filters_all', includeIn: 'none', @@ -713,7 +713,12 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ all: [], read: [], }, - ...ProductFeaturesPrivileges[ProductFeaturesPrivilegeId.endpointExceptions].all, + ui: ['showEndpointExceptions', 'crudEndpointExceptions'], + api: [ + `${APP_ID}-showEndpointExceptions`, + `${APP_ID}-crudEndpointExceptions`, + `${APP_ID}-writeGlobalArtifacts`, + ], }, { replacedBy: [ @@ -726,7 +731,8 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ all: [], read: [], }, - ...ProductFeaturesPrivileges[ProductFeaturesPrivilegeId.endpointExceptions].read, + ui: ['showEndpointExceptions'], + api: [`${APP_ID}-showEndpointExceptions`], }, ], }, diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts index 613b52fb179cc..de61b640a8e4b 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts @@ -8,10 +8,6 @@ import { i18n } from '@kbn/i18n'; import type { SubFeatureConfig } from '@kbn/features-plugin/common'; import { EXCEPTION_LIST_NAMESPACE_AGNOSTIC } from '@kbn/securitysolution-list-constants'; -import { - ProductFeaturesPrivilegeId, - ProductFeaturesPrivileges, -} from '../../product_features_privileges'; import { SecuritySubFeatureId } from '../../product_features_keys'; import { APP_ID, SECURITY_FEATURE_ID_V3 } from '../../constants'; @@ -130,6 +126,7 @@ const trustedApplicationsSubFeature = (): SubFeatureConfig => ({ 'lists-summary', `${APP_ID}-writeTrustedApplications`, `${APP_ID}-readTrustedApplications`, + `${APP_ID}-writeGlobalArtifacts`, ], id: 'trusted_applications_all', includeIn: 'none', @@ -202,6 +199,7 @@ const hostIsolationExceptionsBasicSubFeature = (): SubFeatureConfig => ({ 'lists-summary', `${APP_ID}-deleteHostIsolationExceptions`, `${APP_ID}-readHostIsolationExceptions`, + `${APP_ID}-writeGlobalArtifacts`, ], id: 'host_isolation_exceptions_all', includeIn: 'none', @@ -271,6 +269,7 @@ const blocklistSubFeature = (): SubFeatureConfig => ({ 'lists-summary', `${APP_ID}-writeBlocklist`, `${APP_ID}-readBlocklist`, + `${APP_ID}-writeGlobalArtifacts`, ], id: 'blocklist_all', includeIn: 'none', @@ -341,6 +340,7 @@ const eventFiltersSubFeature = (): SubFeatureConfig => ({ 'lists-summary', `${APP_ID}-writeEventFilters`, `${APP_ID}-readEventFilters`, + `${APP_ID}-writeGlobalArtifacts`, ], id: 'event_filters_all', includeIn: 'none', @@ -781,7 +781,12 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ all: [], read: [], }, - ...ProductFeaturesPrivileges[ProductFeaturesPrivilegeId.endpointExceptions].all, + ui: ['showEndpointExceptions', 'crudEndpointExceptions'], + api: [ + `${APP_ID}-showEndpointExceptions`, + `${APP_ID}-crudEndpointExceptions`, + `${APP_ID}-writeGlobalArtifacts`, + ], }, { replacedBy: [ @@ -794,7 +799,8 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ all: [], read: [], }, - ...ProductFeaturesPrivileges[ProductFeaturesPrivilegeId.endpointExceptions].read, + ui: ['showEndpointExceptions'], + api: [`${APP_ID}-showEndpointExceptions`], }, ], }, diff --git a/x-pack/solutions/security/packages/features/src/security/v3_features/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/v3_features/kibana_sub_features.ts index 3dda2774804b5..df024f5dc98c3 100644 --- a/x-pack/solutions/security/packages/features/src/security/v3_features/kibana_sub_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v3_features/kibana_sub_features.ts @@ -8,10 +8,6 @@ import { i18n } from '@kbn/i18n'; import type { SubFeatureConfig } from '@kbn/features-plugin/common'; import { EXCEPTION_LIST_NAMESPACE_AGNOSTIC } from '@kbn/securitysolution-list-constants'; -import { - ProductFeaturesPrivilegeId, - ProductFeaturesPrivileges, -} from '../../product_features_privileges'; import { SecuritySubFeatureId } from '../../product_features_keys'; import { APP_ID } from '../../constants'; @@ -695,7 +691,8 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ all: [], read: [], }, - ...ProductFeaturesPrivileges[ProductFeaturesPrivilegeId.endpointExceptions].all, + ui: ['showEndpointExceptions', 'crudEndpointExceptions'], + api: [`${APP_ID}-showEndpointExceptions`, `${APP_ID}-crudEndpointExceptions`], }, { id: 'endpoint_exceptions_read', @@ -705,7 +702,8 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ all: [], read: [], }, - ...ProductFeaturesPrivileges[ProductFeaturesPrivilegeId.endpointExceptions].read, + ui: ['showEndpointExceptions'], + api: [`${APP_ID}-showEndpointExceptions`], }, ], }, diff --git a/x-pack/solutions/security/plugins/security_solution_ess/server/product_features/security_product_features_config.ts b/x-pack/solutions/security/plugins/security_solution_ess/server/product_features/security_product_features_config.ts index c3465bd5dd484..955152b1c84fc 100644 --- a/x-pack/solutions/security/plugins/security_solution_ess/server/product_features/security_product_features_config.ts +++ b/x-pack/solutions/security/plugins/security_solution_ess/server/product_features/security_product_features_config.ts @@ -17,11 +17,8 @@ import { securityDefaultProductFeaturesConfig, createEnabledProductFeaturesConfigMap, } from '@kbn/security-solution-features/config'; -import { - ProductFeaturesPrivilegeId, - ProductFeaturesPrivileges, -} from '@kbn/security-solution-features/privileges'; import { SECURITY_FEATURE_ID_V3 } from '@kbn/security-solution-features/constants'; +import { APP_ID } from '@kbn/security-solution-plugin/common'; export const getSecurityProductFeaturesConfigurator = (enabledProductFeatureKeys: ProductFeatureKeys) => (): ProductFeaturesSecurityConfig => { @@ -46,7 +43,16 @@ const securityProductFeaturesConfig: Record< > = { ...securityDefaultProductFeaturesConfig, [ProductFeatureSecurityKey.endpointExceptions]: { - privileges: ProductFeaturesPrivileges[ProductFeaturesPrivilegeId.endpointExceptions], + privileges: { + all: { + ui: ['showEndpointExceptions', 'crudEndpointExceptions'], + api: [`${APP_ID}-showEndpointExceptions`, `${APP_ID}-crudEndpointExceptions`], + }, + read: { + ui: ['showEndpointExceptions'], + api: [`${APP_ID}-showEndpointExceptions`], + }, + }, }, [ProductFeatureSecurityKey.endpointArtifactManagement]: { @@ -116,6 +122,12 @@ const securityProductFeaturesConfig: Record< } ), }, + api: [ + ...(baseFeatureConfig.privileges.all.api ?? []), + + // API access must be also added, as only UI privileges are copied when replacing a deprecated feature + `${APP_ID}-writeGlobalArtifacts`, + ], }, }, }; diff --git a/x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/security_product_features_config.ts b/x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/security_product_features_config.ts index 582afb226676a..4b4fe72a13ac1 100644 --- a/x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/security_product_features_config.ts +++ b/x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/security_product_features_config.ts @@ -18,6 +18,7 @@ import { SecuritySubFeatureId, } from '@kbn/security-solution-features/keys'; import { SECURITY_FEATURE_ID_V3 } from '@kbn/security-solution-features/constants'; +import { APP_ID } from '@kbn/security-solution-plugin/common'; import type { ExperimentalFeatures } from '../../common/experimental_features'; export const getSecurityProductFeaturesConfigurator = @@ -106,6 +107,13 @@ const securityProductFeaturesConfig: Record< ), }, + api: [ + ...(baseFeatureConfig.privileges.all.api ?? []), + + // API access must be also added, as only UI privileges are copied when replacing a deprecated feature + `${APP_ID}-writeGlobalArtifacts`, + ], + // minimal_all is not overwritten, as it does not includes Endpoint Exceptions ALL. }, }, diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/index.ts index 2cf50da68f01e..e44301f55bf1d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/index.ts @@ -62,6 +62,7 @@ export default function endpointAPIIntegrationTests(providerContext: FtrProvider loadTestFile(require.resolve('./space_awareness')); loadTestFile(require.resolve('./artifacts')); + loadTestFile(require.resolve('./role_backwards_compatibility')); loadTestFile(require.resolve('./response_actions')); }); } diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/role_backwards_compatibility.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/role_backwards_compatibility.ts new file mode 100644 index 0000000000000..ab3bd2376c905 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/role_backwards_compatibility.ts @@ -0,0 +1,143 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import TestAgent from 'supertest/lib/agent'; +import { + ENDPOINT_ARTIFACT_LISTS, + ENDPOINT_ARTIFACT_LIST_IDS, + ENDPOINT_LIST_ID, +} from '@kbn/securitysolution-list-constants'; +import { Role } from '@kbn/security-plugin-types-common'; +import { GLOBAL_ARTIFACT_TAG } from '@kbn/security-solution-plugin/common/endpoint/service/artifacts'; +import { SECURITY_FEATURE_ID } from '@kbn/security-solution-plugin/common/constants'; +import { ArtifactTestData } from '../../../../../security_solution_endpoint/services/endpoint_artifacts'; +import { FtrProviderContext } from '../../../../ftr_provider_context_edr_workflows'; + +export default function ({ getService }: FtrProviderContext) { + const utils = getService('securitySolutionUtils'); + const rolesUsersProvider = getService('rolesUsersProvider'); + const endpointArtifactTestResources = getService('endpointArtifactTestResources'); + + describe('@ess @skipInServerless, @skipInServerlessMKI Endpoint Artifacts space awareness user role backwards compatibility until siemV3', function () { + const afterEachDataCleanup: Array> = []; + + const SIEM_VERSIONS = ['siem', 'siemV2', 'siemV3'] as const; + + let globalArtifactManagerRole: Role; + + const createUserWithSiemPrivileges = async ( + siemVersion: (typeof SIEM_VERSIONS)[number], + siemPrivileges: string[] + ): Promise => { + globalArtifactManagerRole = Object.assign( + rolesUsersProvider.loader.getPreDefinedRole('t1_analyst'), + { name: 'globalArtifactManager' } + ); + + // remove actual siem + delete globalArtifactManagerRole.kibana[0].feature[SECURITY_FEATURE_ID]; + + // add (deprecated) siem feature + globalArtifactManagerRole.kibana[0].feature[siemVersion] = siemPrivileges; + + rolesUsersProvider.loader.create(globalArtifactManagerRole); + const globalArtifactManagerUser = await rolesUsersProvider.loader.create( + globalArtifactManagerRole + ); + + return utils.createSuperTest( + globalArtifactManagerUser.username, + globalArtifactManagerUser.password + ); + }; + + after(async () => { + if (globalArtifactManagerRole) { + await rolesUsersProvider.loader.delete(globalArtifactManagerRole.name); + // @ts-expect-error + globalArtifactManagerRole = undefined; + } + }); + + afterEach(async () => { + await Promise.allSettled(afterEachDataCleanup.splice(0).map((data) => data.cleanup())); + }); + + // testing with all SIEM versions for backward compatibility + for (const siemVersion of SIEM_VERSIONS) { + describe(`with ${siemVersion} feature version`, () => { + const artifactTypes: Array<{ + listId: (typeof ENDPOINT_ARTIFACT_LIST_IDS)[number] | typeof ENDPOINT_LIST_ID; + privileges: string[]; + }> = [ + { + listId: ENDPOINT_LIST_ID, + privileges: ['all'], + }, + { + listId: ENDPOINT_ARTIFACT_LISTS.trustedApps.id, + privileges: ['read', 'trusted_applications_all'], + }, + { + listId: ENDPOINT_ARTIFACT_LISTS.eventFilters.id, + privileges: ['read', 'event_filters_all'], + }, + { + listId: ENDPOINT_ARTIFACT_LISTS.blocklists.id, + privileges: ['read', 'blocklist_all'], + }, + { + listId: ENDPOINT_ARTIFACT_LISTS.hostIsolationExceptions.id, + privileges: ['read', 'host_isolation_exceptions_all'], + }, + + { + listId: ENDPOINT_LIST_ID, + privileges: ['minimal_all'], + }, + { + listId: ENDPOINT_ARTIFACT_LISTS.trustedApps.id, + privileges: ['minimal_read', 'trusted_applications_all'], + }, + { + listId: ENDPOINT_ARTIFACT_LISTS.eventFilters.id, + privileges: ['minimal_read', 'event_filters_all'], + }, + { + listId: ENDPOINT_ARTIFACT_LISTS.blocklists.id, + privileges: ['minimal_read', 'blocklist_all'], + }, + { + listId: ENDPOINT_ARTIFACT_LISTS.hostIsolationExceptions.id, + privileges: ['minimal_read', 'host_isolation_exceptions_all'], + }, + ]; + + for (const artifactType of artifactTypes) { + it(`should allow creating a global artifact on ${ + artifactType.listId + } list with original privileges ${artifactType.privileges.join(', ')}`, async () => { + const supertestGlobalArtifactManager = await createUserWithSiemPrivileges(siemVersion, [ + ...artifactType.privileges, + + // adding global access to current version, old version should receive it during rule migration + ...(siemVersion === SECURITY_FEATURE_ID ? ['global_artifact_management_all'] : []), + ]); + + const createdArtifact = await endpointArtifactTestResources.createArtifact( + artifactType.listId, + { tags: [GLOBAL_ARTIFACT_TAG] }, + { supertest: supertestGlobalArtifactManager } + ); + + afterEachDataCleanup.push(createdArtifact); + }); + } + }); + } + }); +} diff --git a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts index ad3c7e0847ac7..f2fb55c6621f4 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts @@ -265,6 +265,7 @@ export default function ({ getService }: FtrProviderContext) { "api:bulkGetUserProfiles", "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", + "api:securitySolution-writeGlobalArtifacts", "api:securitySolution-showEndpointExceptions", "api:securitySolution-crudEndpointExceptions", "app:securitySolution", @@ -1107,6 +1108,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-writeBlocklist", "api:securitySolution-readBlocklist", + "api:securitySolution-writeGlobalArtifacts", "saved_object:exception-list-agnostic/bulk_get", "saved_object:exception-list-agnostic/get", "saved_object:exception-list-agnostic/find", @@ -1137,6 +1139,7 @@ export default function ({ getService }: FtrProviderContext) { "login:", "api:securitySolution-showEndpointExceptions", "api:securitySolution-crudEndpointExceptions", + "api:securitySolution-writeGlobalArtifacts", "ui:siem/showEndpointExceptions", "ui:siem/crudEndpointExceptions", "ui:siemV3/showEndpointExceptions", @@ -1171,6 +1174,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-writeEventFilters", "api:securitySolution-readEventFilters", + "api:securitySolution-writeGlobalArtifacts", "saved_object:exception-list-agnostic/bulk_get", "saved_object:exception-list-agnostic/get", "saved_object:exception-list-agnostic/find", @@ -1225,6 +1229,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-deleteHostIsolationExceptions", "api:securitySolution-readHostIsolationExceptions", + "api:securitySolution-writeGlobalArtifacts", "api:securitySolution-accessHostIsolationExceptions", "api:securitySolution-writeHostIsolationExceptions", "saved_object:exception-list-agnostic/bulk_get", @@ -1278,6 +1283,7 @@ export default function ({ getService }: FtrProviderContext) { "api:bulkGetUserProfiles", "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", + "api:securitySolution-writeGlobalArtifacts", "app:securitySolution", "app:csp", "app:kibana", @@ -2954,6 +2960,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-writeTrustedApplications", "api:securitySolution-readTrustedApplications", + "api:securitySolution-writeGlobalArtifacts", "saved_object:exception-list-agnostic/bulk_get", "saved_object:exception-list-agnostic/get", "saved_object:exception-list-agnostic/find", @@ -3011,6 +3018,7 @@ export default function ({ getService }: FtrProviderContext) { "api:cloud-defend-read", "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", + "api:securitySolution-writeGlobalArtifacts", "api:securitySolution-showEndpointExceptions", "api:securitySolution-crudEndpointExceptions", "app:securitySolution", @@ -3795,6 +3803,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-writeBlocklist", "api:securitySolution-readBlocklist", + "api:securitySolution-writeGlobalArtifacts", "saved_object:exception-list-agnostic/bulk_get", "saved_object:exception-list-agnostic/get", "saved_object:exception-list-agnostic/find", @@ -3825,6 +3834,7 @@ export default function ({ getService }: FtrProviderContext) { "login:", "api:securitySolution-showEndpointExceptions", "api:securitySolution-crudEndpointExceptions", + "api:securitySolution-writeGlobalArtifacts", "ui:siemV2/showEndpointExceptions", "ui:siemV2/crudEndpointExceptions", "ui:siemV3/showEndpointExceptions", @@ -3859,6 +3869,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-writeEventFilters", "api:securitySolution-readEventFilters", + "api:securitySolution-writeGlobalArtifacts", "saved_object:exception-list-agnostic/bulk_get", "saved_object:exception-list-agnostic/get", "saved_object:exception-list-agnostic/find", @@ -3919,6 +3930,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-deleteHostIsolationExceptions", "api:securitySolution-readHostIsolationExceptions", + "api:securitySolution-writeGlobalArtifacts", "api:securitySolution-accessHostIsolationExceptions", "api:securitySolution-writeHostIsolationExceptions", "saved_object:exception-list-agnostic/bulk_get", @@ -3968,6 +3980,7 @@ export default function ({ getService }: FtrProviderContext) { "api:cloud-defend-read", "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", + "api:securitySolution-writeGlobalArtifacts", "app:securitySolution", "app:csp", "app:kibana", @@ -5530,6 +5543,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-writeTrustedApplications", "api:securitySolution-readTrustedApplications", + "api:securitySolution-writeGlobalArtifacts", "saved_object:exception-list-agnostic/bulk_get", "saved_object:exception-list-agnostic/get", "saved_object:exception-list-agnostic/find",