Rules rbac siemv5 role update

config/serverless.security.search_ai_lake.yml

@@ -27,6 +27,21 @@ xpack.features.overrides:
   securitySolutionSiemMigrations.hidden: true
 
   ## Fine-tune the security solution essentials feature privileges. These feature privilege overrides are set individually for each project type. Also, refer to `serverless.yml` for the project-agnostic overrides.
+  siemV5:
+    privileges:
+      all.composedOf:
+        ## Limited values so the fields from serverless.yml or serverless.security.yml are overwritten
+        ## We do not need to compose 4 from maps and visualizations because these functionalities are disabled in this tier
+        - feature: 'discover_v2'
+          privileges: ['all']
+          ## We need limited access to fleet (v1) in order to use integrations
+        - feature: 'fleet'
+          privileges: ['all']
+      read.composedOf:
+        - feature: 'discover_v2'
+          privileges: ['read']
+        - feature: 'fleet'
+          privileges: ['read']
   siemV4:
     privileges:
       all.composedOf:

config/serverless.security.yml

@@ -29,6 +29,31 @@ xpack.features.overrides:
     category: "security"
     order: 1103
   ### Security's feature privileges are fine-tuned to grant access to Discover, Dashboard, Maps, and Visualize apps.
+  siemV5:
+    privileges:
+      ### Security's `All` feature privilege should implicitly grant `All` access to Discover, Dashboard, Maps, and
+      ### Visualize features.
+      all.composedOf:
+        - feature: 'discover_v2'
+          privileges: ['all']
+        - feature: 'dashboard_v2'
+          privileges: ['all']
+        - feature: 'visualize_v2'
+          privileges: ['all']
+        - feature: 'maps_v2'
+          privileges: ['all']
+      # Security's `Read` feature privilege should implicitly grant `Read` access to Discover, Dashboard, Maps, and
+      # Visualize features. Additionally, it should implicitly grant privilege to create short URLs in Discover,
+      ### Dashboard, and Visualize apps.
+      read.composedOf:
+        - feature: 'discover_v2'
+          privileges: ['read']
+        - feature: 'dashboard_v2'
+          privileges: ['read']
+        - feature: 'visualize_v2'
+          privileges: ['read']
+        - feature: 'maps_v2'
+          privileges: ['read']
   siemV4:
     privileges:
       ### Security's `All` feature privilege should implicitly grant `All` access to Discover, Dashboard, Maps, and

src/platform/packages/shared/kbn-es/src/serverless_resources/project_roles/security/roles.yml

@@ -45,10 +45,10 @@ viewer:
     - application: 'kibana-.kibana'
       privileges:
         - feature_ml.read
-        - feature_siemV4.read
-        - feature_siemV4.read_alerts
-        - feature_siemV4.endpoint_list_read
-        - feature_siemV4.endpoint_exceptions_read
+        - feature_siemV5.read
+        - feature_siemV5.endpoint_list_read
+        - feature_siemV5.endpoint_exceptions_read
+        - feature_securitySolutionRulesV1.read
         - feature_securitySolutionCasesV2.read
         - feature_securitySolutionAssistant.all
         - feature_securitySolutionAttackDiscovery.all
@@ -129,22 +129,21 @@ editor:
     - application: 'kibana-.kibana'
       privileges:
         - feature_ml.read
-        - feature_siemV4.all
-        - feature_siemV4.read_alerts
-        - feature_siemV4.crud_alerts
-        - feature_siemV4.endpoint_list_all
-        - feature_siemV4.global_artifact_management_all
-        - feature_siemV4.trusted_applications_all
-        - feature_siemV4.trusted_devices_all
-        - feature_siemV4.event_filters_all
-        - feature_siemV4.host_isolation_exceptions_all
-        - feature_siemV4.blocklist_all
-        - feature_siemV4.endpoint_exceptions_all
-        - feature_siemV4.policy_management_read # Elastic Defend Policy Management
-        - feature_siemV4.host_isolation_all
-        - feature_siemV4.process_operations_all
-        - feature_siemV4.actions_log_management_all # Response actions history
-        - feature_siemV4.file_operations_all
+        - feature_siemV5.all
+        - feature_siemV5.endpoint_list_all
+        - feature_siemV5.global_artifact_management_all
+        - feature_siemV5.trusted_applications_all
+        - feature_siemV5.trusted_devices_all
+        - feature_siemV5.event_filters_all
+        - feature_siemV5.host_isolation_exceptions_all
+        - feature_siemV5.blocklist_all
+        - feature_siemV5.endpoint_exceptions_all
+        - feature_siemV5.policy_management_read # Elastic Defend Policy Management
+        - feature_siemV5.host_isolation_all
+        - feature_siemV5.process_operations_all
+        - feature_siemV5.actions_log_management_all # Response actions history
+        - feature_siemV5.file_operations_all
+        - feature_securitySolutionRulesV1.all
         - feature_securitySolutionCasesV2.all
         - feature_securitySolutionAssistant.all
         - feature_securitySolutionAttackDiscovery.all
@@ -201,9 +200,9 @@ t1_analyst:
     - application: 'kibana-.kibana'
       privileges:
         - feature_ml.read
-        - feature_siemV4.read
-        - feature_siemV4.read_alerts
-        - feature_siemV4.endpoint_list_read
+        - feature_siemV5.read
+        - feature_siemV5.endpoint_list_read
+        - feature_securitySolutionRulesV1.read
         - feature_securitySolutionCasesV2.read
         - feature_securitySolutionAssistant.all
         - feature_securitySolutionAttackDiscovery.all
@@ -263,9 +262,9 @@ t2_analyst:
     - application: 'kibana-.kibana'
       privileges:
         - feature_ml.read
-        - feature_siemV4.read
-        - feature_siemV4.read_alerts
-        - feature_siemV4.endpoint_list_read
+        - feature_siemV5.read
+        - feature_siemV5.endpoint_list_read
+        - feature_securitySolutionRulesV1.read
         - feature_securitySolutionCasesV2.all
         - feature_securitySolutionAssistant.all
         - feature_securitySolutionAttackDiscovery.all
@@ -330,24 +329,23 @@ t3_analyst:
     - application: 'kibana-.kibana'
       privileges:
         - feature_ml.read
-        - feature_siemV4.all
-        - feature_siemV4.read_alerts
-        - feature_siemV4.crud_alerts
-        - feature_siemV4.endpoint_list_all
-        - feature_siemV4.global_artifact_management_all
-        - feature_siemV4.trusted_applications_all
-        - feature_siemV4.trusted_devices_all
-        - feature_siemV4.event_filters_all
-        - feature_siemV4.host_isolation_exceptions_all
-        - feature_siemV4.blocklist_all
-        - feature_siemV4.endpoint_exceptions_all
-        - feature_siemV4.policy_management_read # Elastic Defend Policy Management
-        - feature_siemV4.host_isolation_all
-        - feature_siemV4.process_operations_all
-        - feature_siemV4.actions_log_management_all # Response actions history
-        - feature_siemV4.file_operations_all
-        - feature_siemV4.scan_operations_all
-        - feature_siemV4.workflow_insights_all
+        - feature_siemV5.all
+        - feature_siemV5.endpoint_list_all
+        - feature_siemV5.global_artifact_management_all
+        - feature_siemV5.trusted_applications_all
+        - feature_siemV5.trusted_devices_all
+        - feature_siemV5.event_filters_all
+        - feature_siemV5.host_isolation_exceptions_all
+        - feature_siemV5.blocklist_all
+        - feature_siemV5.endpoint_exceptions_all
+        - feature_siemV5.policy_management_read # Elastic Defend Policy Management
+        - feature_siemV5.host_isolation_all
+        - feature_siemV5.process_operations_all
+        - feature_siemV5.actions_log_management_all # Response actions history
+        - feature_siemV5.file_operations_all
+        - feature_siemV5.scan_operations_all
+        - feature_siemV5.workflow_insights_all
+        - feature_securitySolutionRulesV1.all
         - feature_securitySolutionCasesV2.all
         - feature_securitySolutionAssistant.all
         - feature_securitySolutionAttackDiscovery.all
@@ -414,11 +412,12 @@ threat_intelligence_analyst:
     - application: 'kibana-.kibana'
       privileges:
         - feature_ml.read
-        - feature_siemV4.all
-        - feature_siemV4.endpoint_list_read
-        - feature_siemV4.global_artifact_management_all
-        - feature_siemV4.blocklist_all
-        - feature_siemV4.endpoint_exceptions_all
+        - feature_siemV5.all
+        - feature_siemV5.endpoint_list_read
+        - feature_siemV5.global_artifact_management_all
+        - feature_siemV5.blocklist_all
+        - feature_siemV5.endpoint_exceptions_all
+        - feature_securitySolutionRulesV1.all
         - feature_securitySolutionCasesV2.all
         - feature_securitySolutionAssistant.all
         - feature_securitySolutionAttackDiscovery.all
@@ -486,20 +485,19 @@ rule_author:
     - application: 'kibana-.kibana'
       privileges:
         - feature_ml.read
-        - feature_siemV4.all
-        - feature_siemV4.read_alerts
-        - feature_siemV4.crud_alerts
-        - feature_siemV4.policy_management_all
-        - feature_siemV4.endpoint_list_all
-        - feature_siemV4.global_artifact_management_all
-        - feature_siemV4.trusted_applications_all
-        - feature_siemV4.trusted_devices_all
-        - feature_siemV4.event_filters_all
-        - feature_siemV4.host_isolation_exceptions_read
-        - feature_siemV4.blocklist_all # Elastic Defend Policy Management
-        - feature_siemV4.endpoint_exceptions_all
-        - feature_siemV4.actions_log_management_read
-        - feature_siemV4.workflow_insights_all
+        - feature_siemV5.all
+        - feature_siemV5.policy_management_all
+        - feature_siemV5.endpoint_list_all
+        - feature_siemV5.global_artifact_management_all
+        - feature_siemV5.trusted_applications_all
+        - feature_siemV5.trusted_devices_all
+        - feature_siemV5.event_filters_all
+        - feature_siemV5.host_isolation_exceptions_read
+        - feature_siemV5.blocklist_all # Elastic Defend Policy Management
+        - feature_siemV5.endpoint_exceptions_all
+        - feature_siemV5.actions_log_management_read
+        - feature_siemV5.workflow_insights_all
+        - feature_securitySolutionRulesV1.all
         - feature_securitySolutionCasesV2.all
         - feature_securitySolutionAssistant.all
         - feature_securitySolutionAttackDiscovery.all
@@ -575,26 +573,25 @@ soc_manager:
     - application: 'kibana-.kibana'
       privileges:
         - feature_ml.read
-        - feature_siemV4.all
-        - feature_siemV4.read_alerts
-        - feature_siemV4.crud_alerts
-        - feature_siemV4.policy_management_all
-        - feature_siemV4.endpoint_list_all
-        - feature_siemV4.global_artifact_management_all
-        - feature_siemV4.trusted_applications_all
-        - feature_siemV4.trusted_devices_all
-        - feature_siemV4.event_filters_all
-        - feature_siemV4.host_isolation_exceptions_all
-        - feature_siemV4.blocklist_all
-        - feature_siemV4.endpoint_exceptions_all
-        - feature_siemV4.host_isolation_all
-        - feature_siemV4.process_operations_all
-        - feature_siemV4.actions_log_management_all
-        - feature_siemV4.file_operations_all
-        - feature_siemV4.execute_operations_all
-        - feature_siemV4.scan_operations_all
-        - feature_siemV4.workflow_insights_all
-        - feature_siemV4.soc_management_all
+        - feature_siemV5.all
+        - feature_siemV5.policy_management_all
+        - feature_siemV5.endpoint_list_all
+        - feature_siemV5.global_artifact_management_all
+        - feature_siemV5.trusted_applications_all
+        - feature_siemV5.trusted_devices_all
+        - feature_siemV5.event_filters_all
+        - feature_siemV5.host_isolation_exceptions_all
+        - feature_siemV5.blocklist_all
+        - feature_siemV5.endpoint_exceptions_all
+        - feature_siemV5.host_isolation_all
+        - feature_siemV5.process_operations_all
+        - feature_siemV5.actions_log_management_all
+        - feature_siemV5.file_operations_all
+        - feature_siemV5.execute_operations_all
+        - feature_siemV5.scan_operations_all
+        - feature_siemV5.workflow_insights_all
+        - feature_siemV5.soc_management_all
+        - feature_securitySolutionRulesV1.all
         - feature_securitySolutionCasesV2.all
         - feature_securitySolutionAssistant.all
         - feature_securitySolutionAttackDiscovery.all
@@ -666,11 +663,10 @@ detections_admin:
     - application: 'kibana-.kibana'
       privileges:
         - feature_ml.all
-        - feature_siemV4.all
-        - feature_siemV4.read_alerts
-        - feature_siemV4.crud_alerts
-        - feature_siemV4.global_artifact_management_all
-        - feature_siemV4.endpoint_exceptions_all
+        - feature_siemV5.all
+        - feature_siemV5.global_artifact_management_all
+        - feature_siemV5.endpoint_exceptions_all
+        - feature_securitySolutionRulesV1.all
         - feature_securitySolutionCasesV2.all
         - feature_securitySolutionAssistant.all
         - feature_securitySolutionAttackDiscovery.all
@@ -734,20 +730,19 @@ platform_engineer:
     - application: 'kibana-.kibana'
       privileges:
         - feature_ml.all
-        - feature_siemV4.all
-        - feature_siemV4.read_alerts
-        - feature_siemV4.crud_alerts
-        - feature_siemV4.policy_management_all
-        - feature_siemV4.endpoint_list_all
-        - feature_siemV4.global_artifact_management_all
-        - feature_siemV4.trusted_applications_all
-        - feature_siemV4.trusted_devices_all
-        - feature_siemV4.event_filters_all
-        - feature_siemV4.host_isolation_exceptions_all
-        - feature_siemV4.blocklist_all # Elastic Defend Policy Management
-        - feature_siemV4.endpoint_exceptions_all
-        - feature_siemV4.actions_log_management_read
-        - feature_siemV4.workflow_insights_all
+        - feature_siemV5.all
+        - feature_siemV5.policy_management_all
+        - feature_siemV5.endpoint_list_all
+        - feature_siemV5.global_artifact_management_all
+        - feature_siemV5.trusted_applications_all
+        - feature_siemV5.trusted_devices_all
+        - feature_siemV5.event_filters_all
+        - feature_siemV5.host_isolation_exceptions_all
+        - feature_siemV5.blocklist_all # Elastic Defend Policy Management
+        - feature_siemV5.endpoint_exceptions_all
+        - feature_siemV5.actions_log_management_read
+        - feature_siemV5.workflow_insights_all
+        - feature_securitySolutionRulesV1.all
         - feature_securitySolutionCasesV2.all
         - feature_securitySolutionAssistant.all
         - feature_securitySolutionAttackDiscovery.all
@@ -815,24 +810,24 @@ endpoint_operations_analyst:
     - application: 'kibana-.kibana'
       privileges:
         - feature_ml.read
-        - feature_siemV4.all
-        - feature_siemV4.read_alerts
-        - feature_siemV4.policy_management_all
-        - feature_siemV4.endpoint_list_all
-        - feature_siemV4.global_artifact_management_all
-        - feature_siemV4.trusted_applications_all
-        - feature_siemV4.trusted_devices_all
-        - feature_siemV4.event_filters_all
-        - feature_siemV4.host_isolation_exceptions_all
-        - feature_siemV4.blocklist_all
-        - feature_siemV4.endpoint_exceptions_all
-        - feature_siemV4.host_isolation_all
-        - feature_siemV4.process_operations_all
-        - feature_siemV4.actions_log_management_all
-        - feature_siemV4.file_operations_all
-        - feature_siemV4.execute_operations_all
-        - feature_siemV4.scan_operations_all
-        - feature_siemV4.workflow_insights_all
+        - feature_siemV5.all
+        - feature_siemV5.policy_management_all
+        - feature_siemV5.endpoint_list_all
+        - feature_siemV5.global_artifact_management_all
+        - feature_siemV5.trusted_applications_all
+        - feature_siemV5.trusted_devices_all
+        - feature_siemV5.event_filters_all
+        - feature_siemV5.host_isolation_exceptions_all
+        - feature_siemV5.blocklist_all
+        - feature_siemV5.endpoint_exceptions_all
+        - feature_siemV5.host_isolation_all
+        - feature_siemV5.process_operations_all
+        - feature_siemV5.actions_log_management_all
+        - feature_siemV5.file_operations_all
+        - feature_siemV5.execute_operations_all
+        - feature_siemV5.scan_operations_all
+        - feature_siemV5.workflow_insights_all
+        - feature_securitySolutionRulesV1.read
         - feature_securitySolutionCasesV2.all
         - feature_securitySolutionAssistant.all
         - feature_securitySolutionAttackDiscovery.all
@@ -908,19 +903,18 @@ endpoint_policy_manager:
     - application: 'kibana-.kibana'
       privileges:
         - feature_ml.all
-        - feature_siemV4.all
-        - feature_siemV4.read_alerts
-        - feature_siemV4.crud_alerts
-        - feature_siemV4.policy_management_all
-        - feature_siemV4.endpoint_list_all
-        - feature_siemV4.global_artifact_management_all
-        - feature_siemV4.trusted_applications_all
-        - feature_siemV4.trusted_devices_all
-        - feature_siemV4.event_filters_all
-        - feature_siemV4.host_isolation_exceptions_all
-        - feature_siemV4.blocklist_all # Elastic Defend Policy Management
-        - feature_siemV4.endpoint_exceptions_all
-        - feature_siemV4.workflow_insights_all
+        - feature_siemV5.all
+        - feature_siemV5.policy_management_all
+        - feature_siemV5.endpoint_list_all
+        - feature_siemV5.global_artifact_management_all
+        - feature_siemV5.trusted_applications_all
+        - feature_siemV5.trusted_devices_all
+        - feature_siemV5.event_filters_all
+        - feature_siemV5.host_isolation_exceptions_all
+        - feature_siemV5.blocklist_all # Elastic Defend Policy Management
+        - feature_siemV5.endpoint_exceptions_all
+        - feature_siemV5.workflow_insights_all
+        - feature_securitySolutionRulesV1.all
         - feature_securitySolutionCasesV2.all
         - feature_securitySolutionAssistant.all
         - feature_securitySolutionAttackDiscovery.all