diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.test.tsx index de2e4e18ad594..0a4edc5ac4cd2 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.test.tsx @@ -105,7 +105,7 @@ jest.mock('../../../../common/lib/kibana', () => { }); jest.mock('../../../containers/detection_engine/alerts/use_alerts_privileges', () => ({ - useAlertsPrivileges: jest.fn().mockReturnValue({ hasIndexWrite: true, hasSiemCRUD: true }), + useAlertsPrivileges: jest.fn().mockReturnValue({ hasIndexWrite: true }), })); const actionMenuButton = 'timeline-context-menu-button'; diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.test.tsx index 263edb0377c7e..4560100fdb19c 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.test.tsx @@ -101,8 +101,8 @@ describe('useAlertsPrivileges', () => { hasIndexMaintenance: null, hasIndexWrite: null, hasIndexUpdateDelete: null, - hasSiemCRUD: false, - hasSiemRead: false, + hasAlertsRead: false, + hasAlertsAll: false, isAuthenticated: null, loading: false, }) @@ -123,8 +123,8 @@ describe('useAlertsPrivileges', () => { hasIndexRead: false, hasIndexWrite: false, hasIndexUpdateDelete: false, - hasSiemCRUD: true, - hasSiemRead: true, + hasAlertsRead: true, + hasAlertsAll: true, isAuthenticated: false, loading: false, }) @@ -149,8 +149,8 @@ describe('useAlertsPrivileges', () => { hasIndexRead: true, hasIndexWrite: true, hasIndexUpdateDelete: true, - hasSiemCRUD: true, - hasSiemRead: true, + hasAlertsRead: true, + hasAlertsAll: true, isAuthenticated: true, loading: false, }) @@ -172,18 +172,18 @@ describe('useAlertsPrivileges', () => { hasIndexRead: true, hasIndexWrite: true, hasIndexUpdateDelete: true, - hasSiemCRUD: true, - hasSiemRead: true, + hasAlertsRead: true, + hasAlertsAll: true, isAuthenticated: true, loading: false, }) ); }); - test('returns "hasSiemCRUD" as false if user does not have SIEM Kibana "all" privileges', async () => { + test('returns "hasAlertsAll" as false if user does not have SecurityRules "all" privilege', async () => { const userPrivileges = produce(userPrivilegesInitial, (draft) => { draft.detectionEnginePrivileges.result = privilege; - draft.siemPrivileges = { crud: false, read: true }; + draft.rulesPrivileges = { edit: false, read: true }; }); useUserPrivilegesMock.mockReturnValue(userPrivileges); @@ -196,18 +196,18 @@ describe('useAlertsPrivileges', () => { hasIndexRead: true, hasIndexWrite: true, hasIndexUpdateDelete: true, - hasSiemCRUD: false, - hasSiemRead: true, + hasAlertsAll: false, + hasAlertsRead: true, isAuthenticated: true, loading: false, }) ); }); - test('returns "hasSiemRead" as false if user does not have at least SIEM Kibana "read" privileges', async () => { + test('returns "hasAlertsRead" as false if user does not have the SecurityRules "read" privileges', async () => { const userPrivileges = produce(userPrivilegesInitial, (draft) => { draft.detectionEnginePrivileges.result = privilege; - draft.siemPrivileges = { crud: false, read: false }; + draft.rulesPrivileges = { edit: false, read: false }; }); useUserPrivilegesMock.mockReturnValue(userPrivileges); @@ -220,8 +220,8 @@ describe('useAlertsPrivileges', () => { hasIndexRead: true, hasIndexWrite: true, hasIndexUpdateDelete: true, - hasSiemCRUD: false, - hasSiemRead: false, + hasAlertsAll: false, + hasAlertsRead: false, isAuthenticated: true, loading: false, }) diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.tsx index b21bf63fe87cd..3a7e661f0ee90 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.tsx @@ -20,8 +20,8 @@ export interface AlertsPrivelegesState { hasIndexUpdateDelete: boolean | null; hasIndexMaintenance: boolean | null; hasIndexRead: boolean | null; - hasSiemCRUD: boolean; - hasSiemRead: boolean; + hasAlertsRead: boolean; + hasAlertsAll: boolean; } /** * Hook to get user privilege from @@ -30,7 +30,8 @@ export interface AlertsPrivelegesState { export const useAlertsPrivileges = (): UseAlertsPrivelegesReturn => { const { detectionEnginePrivileges: { error, result, loading }, - siemPrivileges: { crud: hasSiemCRUD, read: hasSiemRead }, + // Rules privileges implicitly contain alerts privileges. Until we separate them out into dedicated privileges, we are using rules privileges to determine alerts privileges. + rulesPrivileges: { read: hasAlertsRead, edit: hasAlertsAll }, } = useUserPrivileges(); const indexName = useMemo(() => { @@ -50,8 +51,8 @@ export const useAlertsPrivileges = (): UseAlertsPrivelegesReturn => { hasIndexWrite: false, hasIndexUpdateDelete: false, hasIndexMaintenance: false, - hasSiemCRUD, - hasSiemRead, + hasAlertsRead, + hasAlertsAll, }; } @@ -68,8 +69,8 @@ export const useAlertsPrivileges = (): UseAlertsPrivelegesReturn => { result.index[indexName].index || result.index[indexName].write, hasIndexUpdateDelete: result.index[indexName].write, - hasSiemCRUD, - hasSiemRead, + hasAlertsRead, + hasAlertsAll, }; } @@ -81,10 +82,10 @@ export const useAlertsPrivileges = (): UseAlertsPrivelegesReturn => { hasIndexWrite: null, hasIndexUpdateDelete: null, hasIndexMaintenance: null, - hasSiemCRUD: false, - hasSiemRead: false, + hasAlertsRead: false, + hasAlertsAll: false, }; - }, [error, result, indexName, hasSiemCRUD, hasSiemRead]); + }, [error, result, indexName, hasAlertsRead, hasAlertsAll]); return { loading: loading ?? false, ...privileges }; }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/details/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/details/index.tsx index 1432d5c0ad652..ac3a579911731 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/details/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/details/index.tsx @@ -188,8 +188,8 @@ const HostDetailsComponent: React.FC = ({ detailName, hostDeta dispatch(setHostDetailsTablesActivePageToZero()); }, [dispatch, detailName]); - const { hasSiemRead: hasKibanaREAD, hasIndexRead } = useAlertsPrivileges(); - const canReadAlerts = hasKibanaREAD && hasIndexRead; + const { hasAlertsRead, hasIndexRead } = useAlertsPrivileges(); + const canReadAlerts = hasAlertsRead && hasIndexRead; const entityFilter = useMemo( () => ({ diff --git a/x-pack/solutions/security/plugins/security_solution/public/explore/network/pages/details/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/explore/network/pages/details/index.tsx index 6c098ccf09ed3..d67cdbf954a48 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/explore/network/pages/details/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/explore/network/pages/details/index.tsx @@ -82,8 +82,8 @@ const NetworkDetailsComponent: React.FC = () => { ); const { signalIndexName } = useSignalIndex(); - const { hasSiemRead: hasKibanaREAD, hasIndexRead } = useAlertsPrivileges(); - const canReadAlerts = hasKibanaREAD && hasIndexRead; + const { hasAlertsRead, hasIndexRead } = useAlertsPrivileges(); + const canReadAlerts = hasAlertsRead && hasIndexRead; const query = useDeepEqualSelector(getGlobalQuerySelector); const globalFilters = useDeepEqualSelector(getGlobalFiltersQuerySelector); diff --git a/x-pack/solutions/security/plugins/security_solution/public/explore/users/pages/details/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/explore/users/pages/details/index.tsx index 8cfe6fd2d2b79..932a0fa5c3bfc 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/explore/users/pages/details/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/explore/users/pages/details/index.tsx @@ -94,8 +94,8 @@ const UsersDetailsComponent: React.FC = ({ const globalFilters = useDeepEqualSelector(getGlobalFiltersQuerySelector); const { signalIndexName } = useSignalIndex(); - const { hasSiemRead: hasKibanaREAD, hasIndexRead } = useAlertsPrivileges(); - const canReadAlerts = hasKibanaREAD && hasIndexRead; + const { hasAlertsRead, hasIndexRead } = useAlertsPrivileges(); + const canReadAlerts = hasAlertsRead && hasIndexRead; const { to, from, deleteQuery, setQuery, isInitializing } = useGlobalTime(); const { globalFullScreen } = useGlobalFullScreen(); diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/status_popover_button.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/status_popover_button.test.tsx index f5f3b13c0be08..84abcdd32a8d8 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/status_popover_button.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/status_popover_button.test.tsx @@ -52,11 +52,9 @@ const props = { type AlertsPriveleges = Partial>; -const writePriveleges: AlertsPriveleges = { hasIndexWrite: true, hasSiemCRUD: true }; +const writePriveleges: AlertsPriveleges = { hasIndexWrite: true }; const readPriveleges: AlertsPriveleges = { hasIndexWrite: false, - hasSiemCRUD: false, - hasSiemRead: true, hasIndexRead: true, }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/components/take_action_dropdown.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/components/take_action_dropdown.test.tsx index d6e5099ab7374..5bec1dd987979 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/components/take_action_dropdown.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/components/take_action_dropdown.test.tsx @@ -46,7 +46,7 @@ jest.mock('../../../../common/lib/kibana'); jest.mock( '../../../../detections/containers/detection_engine/alerts/use_alerts_privileges', () => ({ - useAlertsPrivileges: jest.fn().mockReturnValue({ hasIndexWrite: true, hasSiemCRUD: true }), + useAlertsPrivileges: jest.fn().mockReturnValue({ hasIndexWrite: true }), }) ); jest.mock('../../../../cases/components/use_insert_timeline'); diff --git a/x-pack/solutions/security/plugins/security_solution/public/overview/pages/detection_response.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/overview/pages/detection_response.test.tsx index e5ee5a1c3f7e8..d98deb4b09b63 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/overview/pages/detection_response.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/overview/pages/detection_response.test.tsx @@ -61,7 +61,7 @@ jest.mock('../../sourcerer/containers', () => ({ })); const defaultUseAlertsPrivilegesReturn = { - hasSiemRead: true, + hasAlertsRead: true, hasIndexRead: true, }; @@ -174,7 +174,7 @@ describe('DetectionResponse', () => { it('should not render alerts data sections if user has not index read permission', () => { mockUseAlertsPrivileges.mockReturnValue({ hasIndexRead: false, - hasSiemRead: true, + hasAlertsRead: true, }); const result = render( @@ -198,7 +198,7 @@ describe('DetectionResponse', () => { it('should not render alerts data sections if user has not kibana read permission', () => { mockUseAlertsPrivileges.mockReturnValue({ hasIndexRead: true, - hasSiemRead: false, + hasAlertsRead: false, }); const result = render( @@ -243,7 +243,7 @@ describe('DetectionResponse', () => { it('should render page permissions message if the user does not have read permission', () => { mockCanUseCases.mockReturnValue(noCasesPermissions()); mockUseAlertsPrivileges.mockReturnValue({ - hasSiemRead: true, + hasAlertsRead: true, hasIndexRead: false, }); diff --git a/x-pack/solutions/security/plugins/security_solution/public/overview/pages/detection_response.tsx b/x-pack/solutions/security/plugins/security_solution/public/overview/pages/detection_response.tsx index 8dc4318370f12..e3da8af4e06dd 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/overview/pages/detection_response.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/overview/pages/detection_response.tsx @@ -54,10 +54,10 @@ const DetectionResponseComponent = () => { const isSourcererLoading = newDataViewPickerEnabled ? status !== 'ready' : oldIsSourcererLoading; const { signalIndexName } = useSignalIndex(); - const { hasSiemRead: hasKibanaREAD, hasIndexRead } = useAlertsPrivileges(); + const { hasAlertsRead, hasIndexRead } = useAlertsPrivileges(); const userCasesPermissions = cases.helpers.canUseCases([APP_ID]); const canReadCases = userCasesPermissions.read; - const canReadAlerts = hasKibanaREAD && hasIndexRead; + const canReadAlerts = hasAlertsRead && hasIndexRead; const isSocTrendsEnabled = useIsExperimentalFeatureEnabled('socTrendsEnabled'); const additionalFilters = useMemo(() => (filterQuery ? [filterQuery] : []), [filterQuery]); diff --git a/x-pack/solutions/security/plugins/security_solution/public/overview/pages/overview.tsx b/x-pack/solutions/security/plugins/security_solution/public/overview/pages/overview.tsx index a9dfb72a3a89e..844494b6b8b9b 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/overview/pages/overview.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/overview/pages/overview.tsx @@ -90,7 +90,7 @@ const OverviewComponent = () => { const { endpointPrivileges: { canAccessFleet }, } = useUserPrivileges(); - const { hasIndexRead, hasSiemRead: hasKibanaREAD } = useAlertsPrivileges(); + const { hasIndexRead, hasAlertsRead } = useAlertsPrivileges(); const { tiDataSources: allTiDataSources, isInitiallyLoaded: isTiLoaded } = useAllTiDataSources(); if (newDataViewPickerEnabled && status === 'pristine') { @@ -129,7 +129,7 @@ const OverviewComponent = () => { - {hasIndexRead && hasKibanaREAD && ( + {hasIndexRead && hasAlertsRead && ( diff --git a/x-pack/solutions/security/plugins/security_solution/public/reports/pages/ai_value.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/reports/pages/ai_value.test.tsx index ba84570680190..2fbe90aba3a50 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/reports/pages/ai_value.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/reports/pages/ai_value.test.tsx @@ -159,10 +159,10 @@ describe('AIValue', () => { sourcererDataView: {} as Record, }); mockUseAlertsPrivileges.mockReturnValue({ - hasSiemRead: true, hasIndexRead: true, hasIndexUpdateDelete: false, - hasSiemCRUD: false, + hasAlertsRead: false, + hasAlertsAll: false, loading: false, isAuthenticated: true, hasEncryptionKey: true,