diff --git a/x-pack/platform/plugins/private/translations/translations/de-DE.json b/x-pack/platform/plugins/private/translations/translations/de-DE.json
index 482bdff6685a0..76e398bc844d8 100644
--- a/x-pack/platform/plugins/private/translations/translations/de-DE.json
+++ b/x-pack/platform/plugins/private/translations/translations/de-DE.json
@@ -43907,9 +43907,7 @@
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.ruleBasedDataSourcesTitle": "Regelbasierte Datenquellen",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.saveButton": "Speichern",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.updateError": "Watchlist konnte nicht aktualisiert werden",
-    "xpack.securitySolution.entityAnalytics.watchlists.missingPrivileges.title": "Unzureichende Berechtigungen zum Anzeigen der Watchlist-Verwaltung",
     "xpack.securitySolution.entityAnalytics.watchlists.prebuiltPrivName": "Privilegierter Nutzer",
-    "xpack.securitySolution.entityAnalytics.watchlists.privilegesError.title": "Fehler beim Laden der Berechtigungen für Beobachtungslisten",
     "xpack.securitySolution.entityAnalytics.watchlists.riskLevels.queryError": "Beim Laden der Daten ist ein Fehler aufgetreten",
     "xpack.securitySolution.entityAnalytics.watchlists.tab.createButtonLabel": "Beobachtungsliste erstellen",
     "xpack.securitySolution.entityAnalytics.watchlists.watchlistsManagementTable.error": "Beim Abrufen von Watchlists ist ein Fehler aufgetreten. Die Ergebnisse könnten unvollständig sein.",
diff --git a/x-pack/platform/plugins/private/translations/translations/fr-FR.json b/x-pack/platform/plugins/private/translations/translations/fr-FR.json
index 0402a2fc4f641..c8c0bda6b0b3c 100644
--- a/x-pack/platform/plugins/private/translations/translations/fr-FR.json
+++ b/x-pack/platform/plugins/private/translations/translations/fr-FR.json
@@ -43774,9 +43774,7 @@
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.ruleBasedDataSourcesTitle": "Sources de données fondées sur des règles",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.saveButton": "Enregistrer",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.updateError": "Échec de la mise à jour de la liste de surveillance",
-    "xpack.securitySolution.entityAnalytics.watchlists.missingPrivileges.title": "Privilèges insuffisants pour consulter la gestion des listes de surveillance",
     "xpack.securitySolution.entityAnalytics.watchlists.prebuiltPrivName": "Utilisateur privilégié",
-    "xpack.securitySolution.entityAnalytics.watchlists.privilegesError.title": "Erreur lors du chargement des privilèges des listes de surveillance",
     "xpack.securitySolution.entityAnalytics.watchlists.riskLevels.queryError": "Une erreur s'est produite lors du chargement des données",
     "xpack.securitySolution.entityAnalytics.watchlists.tab.createButtonLabel": "Créer une liste de surveillance",
     "xpack.securitySolution.entityAnalytics.watchlists.watchlistsManagementTable.error": "Une erreur s'est produite lors de la récupération des listes de surveillance. Les résultats peuvent être incomplets.",
diff --git a/x-pack/platform/plugins/private/translations/translations/ja-JP.json b/x-pack/platform/plugins/private/translations/translations/ja-JP.json
index bab81b720e28d..3dd18ba728446 100644
--- a/x-pack/platform/plugins/private/translations/translations/ja-JP.json
+++ b/x-pack/platform/plugins/private/translations/translations/ja-JP.json
@@ -44076,9 +44076,7 @@
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.ruleBasedDataSourcesTitle": "ルールベースのデータソース",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.saveButton": "保存",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.updateError": "ウォッチリストの更新に失敗しました",
-    "xpack.securitySolution.entityAnalytics.watchlists.missingPrivileges.title": "ウォッチリストを表示する権限が不足しています",
     "xpack.securitySolution.entityAnalytics.watchlists.prebuiltPrivName": "特権ユーザー",
-    "xpack.securitySolution.entityAnalytics.watchlists.privilegesError.title": "ウォッチリスト権限の読み込みエラー",
     "xpack.securitySolution.entityAnalytics.watchlists.riskLevels.queryError": "データの読み込み中にエラーが発生しました",
     "xpack.securitySolution.entityAnalytics.watchlists.tab.createButtonLabel": "ウォッチリストを作成",
     "xpack.securitySolution.entityAnalytics.watchlists.watchlistsManagementTable.error": "ウォッチリストの取得中にエラーが発生しました。結果は不完全である場合があります。",
diff --git a/x-pack/platform/plugins/private/translations/translations/zh-CN.json b/x-pack/platform/plugins/private/translations/translations/zh-CN.json
index d891901c188f5..17c95c1119ff5 100644
--- a/x-pack/platform/plugins/private/translations/translations/zh-CN.json
+++ b/x-pack/platform/plugins/private/translations/translations/zh-CN.json
@@ -44074,9 +44074,7 @@
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.ruleBasedDataSourcesTitle": "基于规则的数据源",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.saveButton": "保存",
     "xpack.securitySolution.entityAnalytics.watchlists.flyout.updateError": "更新监控列表失败",
-    "xpack.securitySolution.entityAnalytics.watchlists.missingPrivileges.title": "权限不足，无法查看监控列表管理。",
     "xpack.securitySolution.entityAnalytics.watchlists.prebuiltPrivName": "特权用户",
-    "xpack.securitySolution.entityAnalytics.watchlists.privilegesError.title": "加载监控列表权限时发生错误",
     "xpack.securitySolution.entityAnalytics.watchlists.riskLevels.queryError": "加载数据时出错",
     "xpack.securitySolution.entityAnalytics.watchlists.tab.createButtonLabel": "创建监控列表",
     "xpack.securitySolution.entityAnalytics.watchlists.watchlistsManagementTable.error": "检索监控列表时发生错误。结果可能不完整。",
diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/api.ts b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/api.ts
index 365cf4e7e2d03..d992a43790919 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/api.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/api.ts
@@ -662,14 +662,6 @@ export const useEntityAnalyticsRoutes = () => {
         method: 'GET',
       });
 
-    // TODO: switch to WATCHLISTS privileges API when backend route lands; https://github.com/elastic/security-team/issues/16102
-    // Keeping this separate from privmon to allow safe removal of privmon later.
-    const fetchWatchlistPrivileges = (): Promise<PrivMonPrivilegesResponse> =>
-      http.fetch<PrivMonPrivilegesResponse>(PRIVMON_PRIVILEGE_CHECK_API, {
-        version: API_VERSIONS.public.v1,
-        method: 'GET',
-      });
-
     /**
      * Fetches risk engine settings
      */
@@ -933,7 +925,6 @@ export const useEntityAnalyticsRoutes = () => {
       updatePrivMonMonitoredIndices,
       fetchPrivilegeMonitoringEngineStatus,
       fetchPrivilegeMonitoringPrivileges,
-      fetchWatchlistPrivileges,
       createWatchlist,
       getWatchlist,
       updateWatchlist,
diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/hooks/use_watchlists_privileges.ts b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/hooks/use_watchlists_privileges.ts
deleted file mode 100644
index 369be03f2bd32..0000000000000
--- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/hooks/use_watchlists_privileges.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { SecurityAppError } from '@kbn/securitysolution-t-grid';
-import { useQuery } from '@kbn/react-query';
-import type { PrivMonPrivilegesResponse } from '../../../../common/api/entity_analytics';
-import { useEntityAnalyticsRoutes } from '../api';
-
-// TODO: update to WATCHLISTS privileges route when backend is implemented; https://github.com/elastic/security-team/issues/16102
-export const useWatchlistsPrivileges = () => {
-  const { fetchWatchlistPrivileges } = useEntityAnalyticsRoutes();
-  return useQuery<PrivMonPrivilegesResponse, SecurityAppError>({
-    queryKey: ['GET', 'FETCH_WATCHLIST_PRIVILEGES'],
-    queryFn: fetchWatchlistPrivileges,
-    retry: 0,
-  });
-};
diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/watchlists/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/watchlists/index.tsx
index 39632e638f304..3d52f25a578bb 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/watchlists/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/watchlists/index.tsx
@@ -6,59 +6,16 @@
  */
 
 import React from 'react';
-import { EuiCallOut, EuiFlexGroup, EuiFlexItem, EuiLoadingElastic } from '@elastic/eui';
-import { FormattedMessage } from '@kbn/i18n-react';
+import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
 import { useSpaceId } from '../../../common/hooks/use_space_id';
-import { MissingPrivilegesCallout } from '../missing_privileges_callout';
 import { WatchlistsManagementTable } from './components/watchlists_management_table';
-import { useWatchlistsPrivileges } from '../../api/hooks/use_watchlists_privileges';
 
 export const Watchlists = () => {
   const spaceId = useSpaceId();
-  const { data: privileges, error, isLoading } = useWatchlistsPrivileges();
-  const hasRequiredPrivileges = privileges?.has_all_required ?? false;
 
   return (
     <EuiFlexGroup direction="column">
-      {error ? (
-        <EuiFlexItem>
-          <EuiCallOut
-            announceOnMount={false}
-            title={
-              <FormattedMessage
-                id="xpack.securitySolution.entityAnalytics.watchlists.privilegesError.title"
-                defaultMessage="Error loading watchlists privileges"
-              />
-            }
-            color="danger"
-            iconType="cross"
-          >
-            <p>{error.message}</p>
-          </EuiCallOut>
-        </EuiFlexItem>
-      ) : isLoading ? (
-        <EuiFlexItem>
-          <EuiFlexGroup justifyContent="center">
-            <EuiFlexItem grow={false}>
-              <EuiLoadingElastic size="m" />
-            </EuiFlexItem>
-          </EuiFlexGroup>
-        </EuiFlexItem>
-      ) : privileges && !hasRequiredPrivileges ? (
-        <EuiFlexItem>
-          <MissingPrivilegesCallout
-            privileges={privileges}
-            title={
-              <FormattedMessage
-                id="xpack.securitySolution.entityAnalytics.watchlists.missingPrivileges.title"
-                defaultMessage="Insufficient privileges to view Watchlists Management"
-              />
-            }
-          />
-        </EuiFlexItem>
-      ) : hasRequiredPrivileges ? (
-        <EuiFlexItem>{spaceId && <WatchlistsManagementTable spaceId={spaceId} />}</EuiFlexItem>
-      ) : null}
+      <EuiFlexItem>{spaceId && <WatchlistsManagementTable spaceId={spaceId} />}</EuiFlexItem>
     </EuiFlexGroup>
   );
 };
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/management/routes/create.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/management/routes/create.ts
index 18d5288aa7aad..cc06669701c63 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/management/routes/create.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/management/routes/create.ts
@@ -62,6 +62,7 @@ export const createWatchlistRoute = (
               namespace,
               soClient,
               esClient: core.elasticsearch.client.asCurrentUser,
+              internalEsClient: core.elasticsearch.client.asInternalUser,
             });
 
             const { entitySources: entitySourceInputs, ...watchlistInput } = request.body;
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/management/watchlist_config.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/management/watchlist_config.test.ts
index 3f9babf32ad51..b32fe03440113 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/management/watchlist_config.test.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/management/watchlist_config.test.ts
@@ -20,6 +20,7 @@ jest.mock('../entities/utils', () => ({
 describe('WatchlistConfigClient', () => {
   let soClientMock: ReturnType<typeof savedObjectsClientMock.create>;
   let esClientMock: ReturnType<typeof elasticsearchServiceMock.createElasticsearchClient>;
+  let internalEsClientMock: ReturnType<typeof elasticsearchServiceMock.createElasticsearchClient>;
   let loggerMock: ReturnType<typeof loggingSystemMock.createLogger>;
   let client: WatchlistConfigClient;
 
@@ -27,12 +28,14 @@ describe('WatchlistConfigClient', () => {
     soClientMock = savedObjectsClientMock.create();
 
     esClientMock = elasticsearchServiceMock.createElasticsearchClient();
+    internalEsClientMock = elasticsearchServiceMock.createElasticsearchClient();
 
     loggerMock = loggingSystemMock.createLogger();
 
     client = new WatchlistConfigClient({
       soClient: soClientMock,
       esClient: esClientMock,
+      internalEsClient: internalEsClientMock,
       namespace: 'default',
       logger: loggerMock,
     });
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/management/watchlist_config.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/management/watchlist_config.ts
index 60dbaf70253ae..db5e097dfc1de 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/management/watchlist_config.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/management/watchlist_config.ts
@@ -31,6 +31,12 @@ export const MAX_PER_PAGE = 10_000;
 interface WatchlistConfigClientDeps {
   soClient: SavedObjectsClientContract;
   esClient: ElasticsearchClient;
+  /**
+   * Used for system index operations (e.g. creating the watchlist backing index).
+   * Hidden indices require the `x-elastic-product-origin: kibana` header which is
+   * only attached when using the internal client.
+   */
+  internalEsClient?: ElasticsearchClient;
   namespace: string;
   logger: Logger;
 }
@@ -94,8 +100,12 @@ export class WatchlistConfigClient {
       { id: options?.id, refresh: 'wait_for' }
     );
 
+    if (!this.deps.internalEsClient) {
+      throw new Error('internalEsClient is required to create a watchlist index');
+    }
+
     await createOrUpdateIndex({
-      esClient: this.deps.esClient,
+      esClient: this.deps.internalEsClient,
       logger: this.deps.logger,
       options: {
         index: getIndexForWatchlist(this.deps.namespace),
diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/entity_analytics/watchlists/watchlists_page.cy.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/entity_analytics/watchlists/watchlists_page.cy.ts
index 976abcc24e812..fba2372bd9f27 100644
--- a/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/entity_analytics/watchlists/watchlists_page.cy.ts
+++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/entity_analytics/watchlists/watchlists_page.cy.ts
@@ -5,7 +5,6 @@
  * 2.0.
  */
 
-import { PRIVMON_PRIVILEGE_CHECK_API } from '@kbn/security-solution-plugin/common/entity_analytics/privileged_user_monitoring/constants';
 import { WATCHLISTS_URL } from '@kbn/security-solution-plugin/common/entity_analytics/watchlists/constants';
 import { visit } from '../../../tasks/navigation';
 import { login } from '../../../tasks/login';
@@ -82,21 +81,6 @@ describe(
 
     beforeEach(() => {
       login();
-      cy.intercept('GET', PRIVMON_PRIVILEGE_CHECK_API, {
-        statusCode: 200,
-        body: {
-          has_all_required: true,
-          has_read_permissions: true,
-          has_write_permissions: true,
-          privileges: {
-            elasticsearch: {
-              cluster: {},
-              index: {},
-            },
-            kibana: {},
-          },
-        },
-      }).as('watchlistsPrivileges');
       cy.intercept('GET', `${WATCHLISTS_URL}/*/entity_source/list`, {
         statusCode: 200,
         body: { sources: [] },