elastic · CAWilson94 · Apr 29, 2026 · Apr 28, 2026 · Apr 28, 2026 · Apr 29, 2026
diff --git a/x-pack/platform/plugins/private/translations/translations/de-DE.json b/x-pack/platform/plugins/private/translations/translations/de-DE.json
@@ -43759,9 +43759,7 @@
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.ruleBasedDataSourcesTitle": "Regelbasierte Datenquellen",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.saveButton": "Speichern",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.updateError": "Watchlist konnte nicht aktualisiert werden",
-    "xpack.securitySolution.entityAnalytics.watchlists.missingPrivileges.title": "Unzureichende Berechtigungen zum Anzeigen der Watchlist-Verwaltung",
     "xpack.securitySolution.entityAnalytics.watchlists.prebuiltPrivName": "Privilegierter Nutzer",
-    "xpack.securitySolution.entityAnalytics.watchlists.privilegesError.title": "Fehler beim Laden der Berechtigungen für Beobachtungslisten",
     "xpack.securitySolution.entityAnalytics.watchlists.riskLevels.queryError": "Beim Laden der Daten ist ein Fehler aufgetreten",
     "xpack.securitySolution.entityAnalytics.watchlists.tab.createButtonLabel": "Beobachtungsliste erstellen",
     "xpack.securitySolution.entityAnalytics.watchlists.watchlistsManagementTable.error": "Beim Abrufen von Watchlists ist ein Fehler aufgetreten. Die Ergebnisse könnten unvollständig sein.",

diff --git a/x-pack/platform/plugins/private/translations/translations/fr-FR.json b/x-pack/platform/plugins/private/translations/translations/fr-FR.json
@@ -43626,9 +43626,7 @@
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.ruleBasedDataSourcesTitle": "Sources de données fondées sur des règles",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.saveButton": "Enregistrer",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.updateError": "Échec de la mise à jour de la liste de surveillance",
-    "xpack.securitySolution.entityAnalytics.watchlists.missingPrivileges.title": "Privilèges insuffisants pour consulter la gestion des listes de surveillance",
     "xpack.securitySolution.entityAnalytics.watchlists.prebuiltPrivName": "Utilisateur privilégié",
-    "xpack.securitySolution.entityAnalytics.watchlists.privilegesError.title": "Erreur lors du chargement des privilèges des listes de surveillance",
     "xpack.securitySolution.entityAnalytics.watchlists.riskLevels.queryError": "Une erreur s'est produite lors du chargement des données",
     "xpack.securitySolution.entityAnalytics.watchlists.tab.createButtonLabel": "Créer une liste de surveillance",
     "xpack.securitySolution.entityAnalytics.watchlists.watchlistsManagementTable.error": "Une erreur s'est produite lors de la récupération des listes de surveillance. Les résultats peuvent être incomplets.",

diff --git a/x-pack/platform/plugins/private/translations/translations/ja-JP.json b/x-pack/platform/plugins/private/translations/translations/ja-JP.json
@@ -43928,9 +43928,7 @@
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.ruleBasedDataSourcesTitle": "ルールベースのデータソース",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.saveButton": "保存",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.updateError": "ウォッチリストの更新に失敗しました",
-    "xpack.securitySolution.entityAnalytics.watchlists.missingPrivileges.title": "ウォッチリストを表示する権限が不足しています",
     "xpack.securitySolution.entityAnalytics.watchlists.prebuiltPrivName": "特権ユーザー",
-    "xpack.securitySolution.entityAnalytics.watchlists.privilegesError.title": "ウォッチリスト権限の読み込みエラー",
     "xpack.securitySolution.entityAnalytics.watchlists.riskLevels.queryError": "データの読み込み中にエラーが発生しました",
     "xpack.securitySolution.entityAnalytics.watchlists.tab.createButtonLabel": "ウォッチリストを作成",
     "xpack.securitySolution.entityAnalytics.watchlists.watchlistsManagementTable.error": "ウォッチリストの取得中にエラーが発生しました。結果は不完全である場合があります。",

diff --git a/x-pack/platform/plugins/private/translations/translations/zh-CN.json b/x-pack/platform/plugins/private/translations/translations/zh-CN.json
@@ -43926,9 +43926,7 @@
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.ruleBasedDataSourcesTitle": "基于规则的数据源",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.saveButton": "保存",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.updateError": "更新监控列表失败",
-    "xpack.securitySolution.entityAnalytics.watchlists.missingPrivileges.title": "权限不足，无法查看监控列表管理。",
     "xpack.securitySolution.entityAnalytics.watchlists.prebuiltPrivName": "特权用户",
-    "xpack.securitySolution.entityAnalytics.watchlists.privilegesError.title": "加载监控列表权限时发生错误",
     "xpack.securitySolution.entityAnalytics.watchlists.riskLevels.queryError": "加载数据时出错",
     "xpack.securitySolution.entityAnalytics.watchlists.tab.createButtonLabel": "创建监控列表",
     "xpack.securitySolution.entityAnalytics.watchlists.watchlistsManagementTable.error": "检索监控列表时发生错误。结果可能不完整。",

@@ -662,14 +662,6 @@ export const useEntityAnalyticsRoutes = () => {
         method: 'GET',
       });
 
-    // TODO: switch to WATCHLISTS privileges API when backend route lands; https://github.com/elastic/security-team/issues/16102
-    // Keeping this separate from privmon to allow safe removal of privmon later.
-    const fetchWatchlistPrivileges = (): Promise<PrivMonPrivilegesResponse> =>
-      http.fetch<PrivMonPrivilegesResponse>(PRIVMON_PRIVILEGE_CHECK_API, {
-        version: API_VERSIONS.public.v1,
-        method: 'GET',
-      });
-
     /**
      * Fetches risk engine settings
      */
@@ -933,7 +925,6 @@ export const useEntityAnalyticsRoutes = () => {
       updatePrivMonMonitoredIndices,
       fetchPrivilegeMonitoringEngineStatus,
       fetchPrivilegeMonitoringPrivileges,
-      fetchWatchlistPrivileges,
       createWatchlist,
       getWatchlist,
       updateWatchlist,

@@ -6,59 +6,16 @@
  */
 
 import React from 'react';
-import { EuiCallOut, EuiFlexGroup, EuiFlexItem, EuiLoadingElastic } from '@elastic/eui';
-import { FormattedMessage } from '@kbn/i18n-react';
+import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
 import { useSpaceId } from '../../../common/hooks/use_space_id';
-import { MissingPrivilegesCallout } from '../missing_privileges_callout';
 import { WatchlistsManagementTable } from './components/watchlists_management_table';
-import { useWatchlistsPrivileges } from '../../api/hooks/use_watchlists_privileges';
 
 export const Watchlists = () => {
   const spaceId = useSpaceId();
-  const { data: privileges, error, isLoading } = useWatchlistsPrivileges();
-  const hasRequiredPrivileges = privileges?.has_all_required ?? false;
 
   return (
     <EuiFlexGroup direction="column">
-      {error ? (
-        <EuiFlexItem>
-          <EuiCallOut
-            announceOnMount={false}
-            title={
-              <FormattedMessage
-                id="xpack.securitySolution.entityAnalytics.watchlists.privilegesError.title"
-                defaultMessage="Error loading watchlists privileges"
-              />
-            }
-            color="danger"
-            iconType="cross"
-          >
-            <p>{error.message}</p>
-          </EuiCallOut>
-        </EuiFlexItem>
-      ) : isLoading ? (
-        <EuiFlexItem>
-          <EuiFlexGroup justifyContent="center">
-            <EuiFlexItem grow={false}>
-              <EuiLoadingElastic size="m" />
-            </EuiFlexItem>
-          </EuiFlexGroup>
-        </EuiFlexItem>
-      ) : privileges && !hasRequiredPrivileges ? (
-        <EuiFlexItem>
-          <MissingPrivilegesCallout
-            privileges={privileges}
-            title={
-              <FormattedMessage
-                id="xpack.securitySolution.entityAnalytics.watchlists.missingPrivileges.title"
-                defaultMessage="Insufficient privileges to view Watchlists Management"
-              />
-            }
-          />
-        </EuiFlexItem>
-      ) : hasRequiredPrivileges ? (
-        <EuiFlexItem>{spaceId && <WatchlistsManagementTable spaceId={spaceId} />}</EuiFlexItem>
-      ) : null}
+      <EuiFlexItem>{spaceId && <WatchlistsManagementTable spaceId={spaceId} />}</EuiFlexItem>
     </EuiFlexGroup>
   );
 };
@@ -62,6 +62,7 @@ export const createWatchlistRoute = (
               namespace,
               soClient,
               esClient: core.elasticsearch.client.asCurrentUser,
+              internalEsClient: core.elasticsearch.client.asInternalUser,
             });
 
             const { entitySources: entitySourceInputs, ...watchlistInput } = request.body;

@@ -20,19 +20,22 @@ jest.mock('../entities/utils', () => ({
 describe('WatchlistConfigClient', () => {
   let soClientMock: ReturnType<typeof savedObjectsClientMock.create>;
   let esClientMock: ReturnType<typeof elasticsearchServiceMock.createElasticsearchClient>;
+  let internalEsClientMock: ReturnType<typeof elasticsearchServiceMock.createElasticsearchClient>;
   let loggerMock: ReturnType<typeof loggingSystemMock.createLogger>;
   let client: WatchlistConfigClient;
 
   beforeEach(() => {
     soClientMock = savedObjectsClientMock.create();
 
     esClientMock = elasticsearchServiceMock.createElasticsearchClient();
+    internalEsClientMock = elasticsearchServiceMock.createElasticsearchClient();
 
     loggerMock = loggingSystemMock.createLogger();
 
     client = new WatchlistConfigClient({
       soClient: soClientMock,
       esClient: esClientMock,
+      internalEsClient: internalEsClientMock,
       namespace: 'default',
       logger: loggerMock,
     });

@@ -31,6 +31,12 @@ export const MAX_PER_PAGE = 10_000;
 interface WatchlistConfigClientDeps {
   soClient: SavedObjectsClientContract;
   esClient: ElasticsearchClient;
+  /**
+   * Used for system index operations (e.g. creating the watchlist backing index).
+   * Hidden indices require the `x-elastic-product-origin: kibana` header which is
+   * only attached when using the internal client.
+   */
+  internalEsClient?: ElasticsearchClient;
   namespace: string;
   logger: Logger;
 }
@@ -94,8 +100,12 @@ export class WatchlistConfigClient {
       { id: options?.id, refresh: 'wait_for' }
     );
 
+    if (!this.deps.internalEsClient) {
+      throw new Error('internalEsClient is required to create a watchlist index');
+    }
+
     await createOrUpdateIndex({
-      esClient: this.deps.esClient,
+      esClient: this.deps.internalEsClient,
       logger: this.deps.logger,
       options: {
         index: getIndexForWatchlist(this.deps.namespace),

@@ -5,7 +5,6 @@
  * 2.0.
  */
 
-import { PRIVMON_PRIVILEGE_CHECK_API } from '@kbn/security-solution-plugin/common/entity_analytics/privileged_user_monitoring/constants';
 import { WATCHLISTS_URL } from '@kbn/security-solution-plugin/common/entity_analytics/watchlists/constants';
 import { visit } from '../../../tasks/navigation';
 import { login } from '../../../tasks/login';
@@ -82,21 +81,6 @@ describe(
 
     beforeEach(() => {
       login();
-      cy.intercept('GET', PRIVMON_PRIVILEGE_CHECK_API, {
-        statusCode: 200,
-        body: {
-          has_all_required: true,
-          has_read_permissions: true,
-          has_write_permissions: true,
-          privileges: {
-            elasticsearch: {
-              cluster: {},
-              index: {},
-            },
-            kibana: {},
-          },
-        },
-      }).as('watchlistsPrivileges');
       cy.intercept('GET', `${WATCHLISTS_URL}/*/entity_source/list`, {
         statusCode: 200,
         body: { sources: [] },