diff --git a/x-pack/solutions/security/packages/navigation/src/navigation_tree/assets_navigation_tree.ts b/x-pack/solutions/security/packages/navigation/src/navigation_tree/assets_navigation_tree.ts
index f4aa6e5cc9ef5..1693f6a6c2390 100644
--- a/x-pack/solutions/security/packages/navigation/src/navigation_tree/assets_navigation_tree.ts
+++ b/x-pack/solutions/security/packages/navigation/src/navigation_tree/assets_navigation_tree.ts
@@ -45,7 +45,6 @@ export const createAssetsNavigationTree = (core: CoreStart): NodeDefinition => (
 },
 {
 id: SecurityPageName.endpoints,
- link: securityLink(SecurityPageName.endpoints),
 title: i18nStrings.assets.endpoints.title,
 children: [
 {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/rbac/navigation.cy.ts b/x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/rbac/navigation.cy.ts
new file mode 100644
index 0000000000000..e4b158639d7d0
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/rbac/navigation.cy.ts
@@ -0,0 +1,145 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as ServerlessHeaders from '@kbn/test-suites-xpack/security_solution_cypress/cypress/screens/serverless_security_header';
+import * as EssHeaders from '@kbn/test-suites-xpack/security_solution_cypress/cypress/screens/security_header';
+import { login, ROLE } from '../../tasks/login';
+import { loadPage } from '../../tasks/common';
+import { SIEM_VERSIONS } from '../../common/constants';
+
+describe('Navigation RBAC', () => {
+ const isServerless = Cypress.env('IS_SERVERLESS');
+
+ const Selectors = isServerless ? ServerlessHeaders : EssHeaders;
+ const MenuButtonSelector = isServerless
+ ? ServerlessHeaders.ASSETS_PANEL_BTN
+ : EssHeaders.SETTINGS_PANEL_BTN;
+
+ const pages = [
+ {
+ name: 'Endpoints',
+ privilegePrefix: 'endpoint_list_',
+ selector: Selectors.ENDPOINTS,
+ },
+ {
+ name: 'Policies',
+ privilegePrefix: 'policy_management_',
+ selector: Selectors.POLICIES,
+ },
+ {
+ name: 'Trusted applications',
+ privilegePrefix: 'trusted_applications_',
+ selector: Selectors.TRUSTED_APPS,
+ },
+ {
+ name: 'Event filters',
+ privilegePrefix: 'event_filters_',
+ selector: Selectors.EVENT_FILTERS,
+ },
+ {
+ name: 'Blocklist',
+ privilegePrefix: 'blocklist_',
+ selector: Selectors.BLOCKLIST,
+ },
+ {
+ name: 'Host isolation exceptions',
+ privilegePrefix: 'host_isolation_exceptions_',
+ selector: Selectors.HOST_ISOLATION_EXCEPTIONS,
+ },
+ {
+ name: 'Response actions history',
+ privilegePrefix: 'actions_log_management_',
+ selector: Selectors.RESPONSE_ACTIONS_HISTORY,
+ },
+ ];
+
+ describe('ESS - using custom roles', { tags: ['@ess'] }, () => {
+ for (const siemVersion of SIEM_VERSIONS) {
+ describe(siemVersion, () => {
+ describe('NONE access', () => {
+ beforeEach(() => {
+ login.withCustomKibanaPrivileges({ [siemVersion]: ['all'] });
+ });
+
+ it(`none of the links should be visible in navigation bar`, () => {
+ loadPage('/app/security');
+ cy.get(MenuButtonSelector).click();
+
+ for (const page of pages) {
+ cy.get(page.selector).should('not.exist');
+ }
+ });
+
+ it(`none of the cards should be visible on Management page`, () => {
+ loadPage('/app/security/manage');
+
+ for (const page of pages) {
+ cy.getByTestSubj('LandingItem').should('not.contain.text', page.name);
+ }
+ });
+ });
+
+ for (const access of ['read', 'all']) {
+ for (const page of pages) {
+ describe(`${access.toUpperCase()} access only to ${page.name}`, () => {
+ beforeEach(() => {
+ login.withCustomKibanaPrivileges({
+ [siemVersion]: ['read', `${page.privilegePrefix}${access}`],
+ });
+ });
+
+ it(`only ${page.name} link should be displayed in navigation bar`, () => {
+ loadPage('/app/security');
+ cy.get(MenuButtonSelector).click();
+
+ cy.get(page.selector);
+ pages
+ .filter((iterator) => iterator.name !== page.name)
+ .forEach((otherPage) => cy.get(otherPage.selector).should('not.exist'));
+ });
+
+ it(`only ${page.name} card should be displayed on Management page`, () => {
+ loadPage('/app/security/manage');
+
+ cy.contains(page.name);
+ pages
+ .filter((iterator) => iterator.name !== page.name)
+ .forEach((otherPage) =>
+ cy.getByTestSubj('LandingItem').should('not.contain.text', otherPage.name)
+ );
+ });
+ });
+ }
+ }
+ });
+ }
+ });
+
+ describe('Serverless - using prebuilt roles (for now)', { tags: ['@serverless'] }, () => {
+ it('without access to any of the subpages, none of those should be displayed', () => {
+ login(ROLE.detections_admin);
+ loadPage('/app/security');
+ cy.get(MenuButtonSelector).click();
+ cy.get('[data-test-subj~="sideNavPanel-id-securityGroup:assets"]');
+
+ for (const page of pages) {
+ cy.get(page.selector).should('not.exist');
+ }
+ });
+
+ it('with access to all of the subpages, all of those should be displayed', () => {
+ login(ROLE.soc_manager);
+ loadPage('/app/security');
+ cy.get(MenuButtonSelector).click();
+ cy.get('[data-test-subj~="sideNavPanel-id-securityGroup:assets"]');
+
+ for (const page of pages) {
+ cy.get(page.selector);
+ }
+ });
+ });
+});
diff --git a/x-pack/test/security_solution_cypress/cypress/screens/security_header.ts b/x-pack/test/security_solution_cypress/cypress/screens/security_header.ts
index c5b61f065eda0..ed4a6118dfe4c 100644
--- a/x-pack/test/security_solution_cypress/cypress/screens/security_header.ts
+++ b/x-pack/test/security_solution_cypress/cypress/screens/security_header.ts
@@ -54,6 +54,12 @@ export const EVENT_FILTERS = '[data-test-subj="solutionSideNavPanelLink-event_fi
 export const BLOCKLIST = '[data-test-subj="solutionSideNavPanelLink-blocklist"]';
+export const HOST_ISOLATION_EXCEPTIONS =
+ '[data-test-subj="solutionSideNavPanelLink-host_isolation_exceptions"]';
+
+export const RESPONSE_ACTIONS_HISTORY =
+ '[data-test-subj="solutionSideNavPanelLink-response_actions_history"]';
+
 export const CSP_BENCHMARKS =
 '[data-test-subj="solutionSideNavPanelLink-cloud_security_posture-benchmarks"]';
diff --git a/x-pack/test/security_solution_cypress/cypress/screens/serverless_security_header.ts b/x-pack/test/security_solution_cypress/cypress/screens/serverless_security_header.ts
index dd775b270e614..0c8006f9b91cd 100644
--- a/x-pack/test/security_solution_cypress/cypress/screens/serverless_security_header.ts
+++ b/x-pack/test/security_solution_cypress/cypress/screens/serverless_security_header.ts
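Review bot: The ESS `NONE access` navigation test in navigation.cy.ts goes straight from `cy.get(MenuButtonSelector).click();` to the `cy.get(page.selector).should('not.exist');` loop, so the negative assertions can pass before the panel has rendered and a regression that shows a management link to an unprivileged role could go unnoticed. The serverless cases already wait on `cy.get('[data-test-subj~="sideNavPanel-id-securityGroup:assets"]');` before asserting absence; the ESS case should first assert on an element that is always rendered in the opened panel for that role. The `LandingItem` checks with `should('not.contain.text', …)` may have the same timing weakness if the cards render incrementally. A short comment above `login.withCustomKibanaPrivileges({ [siemVersion]: ['all'] });` stating that the base privilege alone is expected not to grant any of the `pages` sub-privileges would also make the `NONE access` title easier to read. The suite verifies link and card visibility only; whether a direct URL to a hidden page is refused is presumably covered by other rbac specs and is worth confirming.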
@@ -49,6 +49,12 @@ export const EVENT_FILTERS = '[data-test-subj~="panelNavItem-id-event_filters"]'
 export const BLOCKLIST = '[data-test-subj~="panelNavItem-id-blocklist"]';
+export const HOST_ISOLATION_EXCEPTIONS =
+ '[data-test-subj~="panelNavItem-id-host_isolation_exceptions"]';
+
+export const RESPONSE_ACTIONS_HISTORY =
+ '[data-test-subj~="panelNavItem-id-response_actions_history"]';
+
 export const CSP_BENCHMARKS =
 '[data-test-subj~="panelNavItem-id-cloud_security_posture-benchmarks"]';