elastic · rylnd · Dec 15, 2025 · Dec 12, 2025 · Dec 15, 2025 · Dec 15, 2025
@@ -105,7 +105,7 @@ jest.mock('../../../../common/lib/kibana', () => {
 });
 
 jest.mock('../../../containers/detection_engine/alerts/use_alerts_privileges', () => ({
-  useAlertsPrivileges: jest.fn().mockReturnValue({ hasIndexWrite: true, hasSiemCRUD: true }),
+  useAlertsPrivileges: jest.fn().mockReturnValue({ hasIndexWrite: true }),
 }));
 
 const actionMenuButton = 'timeline-context-menu-button';

@@ -101,8 +101,8 @@ describe('useAlertsPrivileges', () => {
         hasIndexMaintenance: null,
         hasIndexWrite: null,
         hasIndexUpdateDelete: null,
-        hasSiemCRUD: false,
-        hasSiemRead: false,
+        hasAlertsRead: false,
+        hasAlertsAll: false,
         isAuthenticated: null,
         loading: false,
       })
@@ -123,8 +123,8 @@ describe('useAlertsPrivileges', () => {
         hasIndexRead: false,
         hasIndexWrite: false,
         hasIndexUpdateDelete: false,
-        hasSiemCRUD: true,
-        hasSiemRead: true,
+        hasAlertsRead: true,
+        hasAlertsAll: true,
         isAuthenticated: false,
         loading: false,
       })
@@ -149,8 +149,8 @@ describe('useAlertsPrivileges', () => {
         hasIndexRead: true,
         hasIndexWrite: true,
         hasIndexUpdateDelete: true,
-        hasSiemCRUD: true,
-        hasSiemRead: true,
+        hasAlertsRead: true,
+        hasAlertsAll: true,
         isAuthenticated: true,
         loading: false,
       })
@@ -172,18 +172,18 @@ describe('useAlertsPrivileges', () => {
         hasIndexRead: true,
         hasIndexWrite: true,
         hasIndexUpdateDelete: true,
-        hasSiemCRUD: true,
-        hasSiemRead: true,
+        hasAlertsRead: true,
+        hasAlertsAll: true,
         isAuthenticated: true,
         loading: false,
       })
     );
   });
 
-  test('returns "hasSiemCRUD" as false if user does not have SIEM Kibana "all" privileges', async () => {
+  test('returns "hasAlertsAll" as false if user does not have SecurityRules "all" privilege', async () => {
     const userPrivileges = produce(userPrivilegesInitial, (draft) => {
       draft.detectionEnginePrivileges.result = privilege;
-      draft.siemPrivileges = { crud: false, read: true };
+      draft.rulesPrivileges = { edit: false, read: true };
     });
     useUserPrivilegesMock.mockReturnValue(userPrivileges);
 
@@ -196,18 +196,18 @@ describe('useAlertsPrivileges', () => {
         hasIndexRead: true,
         hasIndexWrite: true,
         hasIndexUpdateDelete: true,
-        hasSiemCRUD: false,
-        hasSiemRead: true,
+        hasAlertsAll: false,
+        hasAlertsRead: true,
         isAuthenticated: true,
         loading: false,
       })
     );
   });
 
-  test('returns "hasSiemRead" as false if user does not have at least SIEM Kibana "read" privileges', async () => {
+  test('returns "hasAlertsRead" as false if user does not have the SecurityRules "read" privileges', async () => {
     const userPrivileges = produce(userPrivilegesInitial, (draft) => {
       draft.detectionEnginePrivileges.result = privilege;
-      draft.siemPrivileges = { crud: false, read: false };
+      draft.rulesPrivileges = { edit: false, read: false };
     });
     useUserPrivilegesMock.mockReturnValue(userPrivileges);
 
@@ -220,8 +220,8 @@ describe('useAlertsPrivileges', () => {
         hasIndexRead: true,
         hasIndexWrite: true,
         hasIndexUpdateDelete: true,
-        hasSiemCRUD: false,
-        hasSiemRead: false,
+        hasAlertsAll: false,
+        hasAlertsRead: false,
         isAuthenticated: true,
         loading: false,
       })

@@ -20,8 +20,8 @@ export interface AlertsPrivelegesState {
   hasIndexUpdateDelete: boolean | null;
   hasIndexMaintenance: boolean | null;
   hasIndexRead: boolean | null;
-  hasSiemCRUD: boolean;
-  hasSiemRead: boolean;
+  hasAlertsRead: boolean;
+  hasAlertsAll: boolean;
 }
 /**
  * Hook to get user privilege from
@@ -30,7 +30,8 @@ export interface AlertsPrivelegesState {
 export const useAlertsPrivileges = (): UseAlertsPrivelegesReturn => {
   const {
     detectionEnginePrivileges: { error, result, loading },
-    siemPrivileges: { crud: hasSiemCRUD, read: hasSiemRead },
+    // Rules privileges implicitly contain alerts privileges. Until we separate them out into dedicated privileges, we are using rules privileges to determine alerts privileges.
+    rulesPrivileges: { read: hasAlertsRead, edit: hasAlertsAll },
   } = useUserPrivileges();
 
   const indexName = useMemo(() => {
@@ -50,8 +51,8 @@ export const useAlertsPrivileges = (): UseAlertsPrivelegesReturn => {
         hasIndexWrite: false,
         hasIndexUpdateDelete: false,
         hasIndexMaintenance: false,
-        hasSiemCRUD,
-        hasSiemRead,
+        hasAlertsRead,
+        hasAlertsAll,
       };
     }
 
@@ -68,8 +69,8 @@ export const useAlertsPrivileges = (): UseAlertsPrivelegesReturn => {
           result.index[indexName].index ||
           result.index[indexName].write,
         hasIndexUpdateDelete: result.index[indexName].write,
-        hasSiemCRUD,
-        hasSiemRead,
+        hasAlertsRead,
+        hasAlertsAll,
       };
     }
 
@@ -81,10 +82,10 @@ export const useAlertsPrivileges = (): UseAlertsPrivelegesReturn => {
       hasIndexWrite: null,
       hasIndexUpdateDelete: null,
       hasIndexMaintenance: null,
-      hasSiemCRUD: false,
-      hasSiemRead: false,
+      hasAlertsRead: false,
+      hasAlertsAll: false,
     };
-  }, [error, result, indexName, hasSiemCRUD, hasSiemRead]);
+  }, [error, result, indexName, hasAlertsRead, hasAlertsAll]);
 
   return { loading: loading ?? false, ...privileges };
 };
@@ -188,8 +188,8 @@ const HostDetailsComponent: React.FC<HostDetailsProps> = ({ detailName, hostDeta
     dispatch(setHostDetailsTablesActivePageToZero());
   }, [dispatch, detailName]);
 
-  const { hasSiemRead: hasKibanaREAD, hasIndexRead } = useAlertsPrivileges();
-  const canReadAlerts = hasKibanaREAD && hasIndexRead;
+  const { hasAlertsRead, hasIndexRead } = useAlertsPrivileges();
+  const canReadAlerts = hasAlertsRead && hasIndexRead;
 
   const entityFilter = useMemo(
     () => ({

@@ -82,8 +82,8 @@ const NetworkDetailsComponent: React.FC = () => {
   );
 
   const { signalIndexName } = useSignalIndex();
-  const { hasSiemRead: hasKibanaREAD, hasIndexRead } = useAlertsPrivileges();
-  const canReadAlerts = hasKibanaREAD && hasIndexRead;
+  const { hasAlertsRead, hasIndexRead } = useAlertsPrivileges();
+  const canReadAlerts = hasAlertsRead && hasIndexRead;
 
   const query = useDeepEqualSelector(getGlobalQuerySelector);
   const globalFilters = useDeepEqualSelector(getGlobalFiltersQuerySelector);

@@ -94,8 +94,8 @@ const UsersDetailsComponent: React.FC<UsersDetailsProps> = ({
   const globalFilters = useDeepEqualSelector(getGlobalFiltersQuerySelector);
 
   const { signalIndexName } = useSignalIndex();
-  const { hasSiemRead: hasKibanaREAD, hasIndexRead } = useAlertsPrivileges();
-  const canReadAlerts = hasKibanaREAD && hasIndexRead;
+  const { hasAlertsRead, hasIndexRead } = useAlertsPrivileges();
+  const canReadAlerts = hasAlertsRead && hasIndexRead;
 
   const { to, from, deleteQuery, setQuery, isInitializing } = useGlobalTime();
   const { globalFullScreen } = useGlobalFullScreen();

@@ -52,11 +52,9 @@ const props = {
 
 type AlertsPriveleges = Partial<ReturnType<typeof useAlertsPrivileges>>;
 
-const writePriveleges: AlertsPriveleges = { hasIndexWrite: true, hasSiemCRUD: true };
+const writePriveleges: AlertsPriveleges = { hasIndexWrite: true };
 const readPriveleges: AlertsPriveleges = {
   hasIndexWrite: false,
-  hasSiemCRUD: false,
-  hasSiemRead: true,
   hasIndexRead: true,
 };
 

@@ -46,7 +46,7 @@ jest.mock('../../../../common/lib/kibana');
 jest.mock(
   '../../../../detections/containers/detection_engine/alerts/use_alerts_privileges',
   () => ({
-    useAlertsPrivileges: jest.fn().mockReturnValue({ hasIndexWrite: true, hasSiemCRUD: true }),
+    useAlertsPrivileges: jest.fn().mockReturnValue({ hasIndexWrite: true }),
   })
 );
 jest.mock('../../../../cases/components/use_insert_timeline');

@@ -61,7 +61,7 @@ jest.mock('../../sourcerer/containers', () => ({
 }));
 
 const defaultUseAlertsPrivilegesReturn = {
-  hasSiemRead: true,
+  hasAlertsRead: true,
   hasIndexRead: true,
 };
 
@@ -174,7 +174,7 @@ describe('DetectionResponse', () => {
   it('should not render alerts data sections if user has not index read permission', () => {
     mockUseAlertsPrivileges.mockReturnValue({
       hasIndexRead: false,
-      hasSiemRead: true,
+      hasAlertsRead: true,
     });
 
     const result = render(
@@ -198,7 +198,7 @@ describe('DetectionResponse', () => {
   it('should not render alerts data sections if user has not kibana read permission', () => {
     mockUseAlertsPrivileges.mockReturnValue({
       hasIndexRead: true,
-      hasSiemRead: false,
+      hasAlertsRead: false,
     });
 
     const result = render(
@@ -243,7 +243,7 @@ describe('DetectionResponse', () => {
   it('should render page permissions message if the user does not have read permission', () => {
     mockCanUseCases.mockReturnValue(noCasesPermissions());
     mockUseAlertsPrivileges.mockReturnValue({
-      hasSiemRead: true,
+      hasAlertsRead: true,
       hasIndexRead: false,
     });
 

@@ -54,10 +54,10 @@ const DetectionResponseComponent = () => {
   const isSourcererLoading = newDataViewPickerEnabled ? status !== 'ready' : oldIsSourcererLoading;
 
   const { signalIndexName } = useSignalIndex();
-  const { hasSiemRead: hasKibanaREAD, hasIndexRead } = useAlertsPrivileges();
+  const { hasAlertsRead, hasIndexRead } = useAlertsPrivileges();
   const userCasesPermissions = cases.helpers.canUseCases([APP_ID]);
   const canReadCases = userCasesPermissions.read;
-  const canReadAlerts = hasKibanaREAD && hasIndexRead;
+  const canReadAlerts = hasAlertsRead && hasIndexRead;
   const isSocTrendsEnabled = useIsExperimentalFeatureEnabled('socTrendsEnabled');
   const additionalFilters = useMemo(() => (filterQuery ? [filterQuery] : []), [filterQuery]);
 

@@ -90,7 +90,7 @@ const OverviewComponent = () => {
   const {
     endpointPrivileges: { canAccessFleet },
   } = useUserPrivileges();
-  const { hasIndexRead, hasSiemRead: hasKibanaREAD } = useAlertsPrivileges();
+  const { hasIndexRead, hasAlertsRead } = useAlertsPrivileges();
   const { tiDataSources: allTiDataSources, isInitiallyLoaded: isTiLoaded } = useAllTiDataSources();
 
   if (newDataViewPickerEnabled && status === 'pristine') {
@@ -129,7 +129,7 @@ const OverviewComponent = () => {
 
               <EuiFlexItem grow={3}>
                 <EuiFlexGroup direction="column" responsive={false} gutterSize="none">
-                  {hasIndexRead && hasKibanaREAD && (
+                  {hasIndexRead && hasAlertsRead && (
                     <EuiFlexItem grow={false}>
                       <SignalsByCategory filters={filters} />
                       <EuiSpacer size="l" />

@@ -159,10 +159,10 @@ describe('AIValue', () => {
       sourcererDataView: {} as Record<string, unknown>,
     });
     mockUseAlertsPrivileges.mockReturnValue({
-      hasSiemRead: true,
       hasIndexRead: true,
       hasIndexUpdateDelete: false,
-      hasSiemCRUD: false,
+      hasAlertsRead: false,
+      hasAlertsAll: false,
       loading: false,
       isAuthenticated: true,
       hasEncryptionKey: true,