From 58025b1d73baf3e028f8e6954abb3ed1a679e1dc Mon Sep 17 00:00:00 2001
From: Mark Hopkin <mark.hopkin@elastic.co>
Date: Mon, 4 Aug 2025 14:52:38 +0100
Subject: [PATCH 1/2] fix bug

---
 .../entity_analytics/privilege_monitoring/auth/api_key.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/auth/api_key.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/auth/api_key.ts
index edbdfca9fd376..eed4ebf33e4d0 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/auth/api_key.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/auth/api_key.ts
@@ -49,7 +49,7 @@ const generate = async (deps: ApiKeyManagerDependencies) => {
   } else {
     const apiKey = await generateAPIKey(request, deps);
 
-    const soClient = core.savedObjects.getScopedClient(request, {
+    const soClient = core.savedObjects.getUnsafeInternalClient({
       includedHiddenTypes: [PrivilegeMonitoringApiKeyType.name, monitoringEntitySourceType.name],
     });
 
@@ -57,6 +57,7 @@ const generate = async (deps: ApiKeyManagerDependencies) => {
       id: getPrivmonEncryptedSavedObjectId(namespace),
       overwrite: true,
       managed: true,
+      namespace,
     });
   }
 };
@@ -74,7 +75,10 @@ const getApiKey = async (deps: ApiKeyManagerDependencies) => {
     return (
       await encryptedSavedObjectsClient.getDecryptedAsInternalUser<PrivilegeMonitoringAPIKey>(
         PrivilegeMonitoringApiKeyType.name,
-        getPrivmonEncryptedSavedObjectId(deps.namespace)
+        getPrivmonEncryptedSavedObjectId(deps.namespace),
+        {
+          namespace: deps.namespace,
+        }
       )
     ).attributes;
   } catch (err) {

From dc741b1363c44eab0f5fe0d22db9080cb9333926 Mon Sep 17 00:00:00 2001
From: Mark Hopkin <mark.hopkin@elastic.co>
Date: Tue, 5 Aug 2025 07:29:35 +0100
Subject: [PATCH 2/2] go back to old client instantiation

---
 .../lib/entity_analytics/privilege_monitoring/auth/api_key.ts  | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/auth/api_key.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/auth/api_key.ts
index eed4ebf33e4d0..4c7423222ec09 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/auth/api_key.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/auth/api_key.ts
@@ -49,7 +49,7 @@ const generate = async (deps: ApiKeyManagerDependencies) => {
   } else {
     const apiKey = await generateAPIKey(request, deps);
 
-    const soClient = core.savedObjects.getUnsafeInternalClient({
+    const soClient = core.savedObjects.getScopedClient(request, {
       includedHiddenTypes: [PrivilegeMonitoringApiKeyType.name, monitoringEntitySourceType.name],
     });
 
@@ -57,7 +57,6 @@ const generate = async (deps: ApiKeyManagerDependencies) => {
       id: getPrivmonEncryptedSavedObjectId(namespace),
       overwrite: true,
       managed: true,
-      namespace,
     });
   }
 };