Adds list SO to Security feature privilege and update tests

elastic · Feb 10, 2021 · 86fc1f6 · 86fc1f6
1 parent 08111e4
commit 86fc1f6
Show file tree

Hide file tree

Showing 11 changed files with 14 additions and 20 deletions.
diff --git a/...ion/server/lib/detection_engine/scripts/roles_users/detections_admin/detections_role.json b/...ion/server/lib/detection_engine/scripts/roles_users/detections_admin/detections_role.json
@@ -26,8 +26,7 @@
         "siem": ["all"],
         "actions": ["read"],
         "builtInAlerts": ["all"],
-        "dev_tools": ["all"],
-        "savedObjectsManagement": ["all"]
+        "dev_tools": ["all"]
       },
       "spaces": ["*"]
     }

diff --git a/...urity_solution/server/lib/detection_engine/scripts/roles_users/hunter/README.md b/...urity_solution/server/lib/detection_engine/scripts/roles_users/hunter/README.md
@@ -2,7 +2,6 @@ This user can CRUD rules and signals. The main difference here is the user has
 
 ```json
 "builtInAlerts": ["all"],
-"savedObjectsManagement": ["all"]
 ```
 
 privileges whereas the T1 and T2 have "read" privileges which prevents them from creating rules

diff --git a/...rity_solution/server/lib/detection_engine/scripts/roles_users/hunter/detections_role.json b/...rity_solution/server/lib/detection_engine/scripts/roles_users/hunter/detections_role.json
@@ -30,8 +30,7 @@
         "ml": ["read"],
         "siem": ["all"],
         "actions": ["read"],
-        "builtInAlerts": ["all"],
-        "savedObjectsManagement": ["all"]
+        "builtInAlerts": ["all"]
       },
       "spaces": ["*"]
     }

diff --git a/...on/server/lib/detection_engine/scripts/roles_users/platform_engineer/detections_role.json b/...on/server/lib/detection_engine/scripts/roles_users/platform_engineer/detections_role.json
@@ -30,8 +30,7 @@
         "ml": ["all"],
         "siem": ["all"],
         "actions": ["all"],
-        "builtInAlerts": ["all"],
-        "savedObjectsManagement": ["all"]
+        "builtInAlerts": ["all"]
       },
       "spaces": ["*"]
     }

diff --git a/...rity_solution/server/lib/detection_engine/scripts/roles_users/reader/detections_role.json b/...rity_solution/server/lib/detection_engine/scripts/roles_users/reader/detections_role.json
@@ -24,8 +24,7 @@
         "ml": ["read"],
         "siem": ["read"],
         "actions": ["read"],
-        "builtInAlerts": ["read"],
-        "savedObjectsManagement": ["read"]
+        "builtInAlerts": ["read"]
       },
       "spaces": ["*"]
     }

diff --git a/...solution/server/lib/detection_engine/scripts/roles_users/rule_author/detections_role.json b/...solution/server/lib/detection_engine/scripts/roles_users/rule_author/detections_role.json
@@ -28,8 +28,7 @@
         "ml": ["read"],
         "siem": ["all"],
         "actions": ["read"],
-        "builtInAlerts": ["all"],
-        "savedObjectsManagement": ["all"]
+        "builtInAlerts": ["all"]
       },
       "spaces": ["*"]
     }

diff --git a/...solution/server/lib/detection_engine/scripts/roles_users/soc_manager/detections_role.json b/...solution/server/lib/detection_engine/scripts/roles_users/soc_manager/detections_role.json
@@ -28,8 +28,7 @@
         "ml": ["read"],
         "siem": ["all"],
         "actions": ["all"],
-        "builtInAlerts": ["all"],
-        "savedObjectsManagement": ["all"]
+        "builtInAlerts": ["all"]
       },
       "spaces": ["*"]
     }

diff --git a/..._solution/server/lib/detection_engine/scripts/roles_users/t1_analyst/detections_role.json b/..._solution/server/lib/detection_engine/scripts/roles_users/t1_analyst/detections_role.json
@@ -21,10 +21,9 @@
     {
       "feature": {
         "ml": ["read"],
-        "siem": ["all"],
+        "siem": ["read"],
         "actions": ["read"],
-        "builtInAlerts": ["read"],
-        "savedObjectsManagement": ["read"]
+        "builtInAlerts": ["read"]
       },
       "spaces": ["*"]
     }

diff --git a/..._solution/server/lib/detection_engine/scripts/roles_users/t2_analyst/detections_role.json b/..._solution/server/lib/detection_engine/scripts/roles_users/t2_analyst/detections_role.json
@@ -23,10 +23,9 @@
     {
       "feature": {
         "ml": ["read"],
-        "siem": ["all"],
+        "siem": ["read"],
         "actions": ["read"],
-        "builtInAlerts": ["read"],
-        "savedObjectsManagement": ["read"]
+        "builtInAlerts": ["read"]
       },
       "spaces": ["*"]
     }

diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts
@@ -219,6 +219,8 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
               'cases-comments',
               'cases-configure',
               'cases-user-actions',
+              'exception-list',
+              'exception-list-agnostic',
               ...savedObjectTypes,
             ],
             read: ['config'],
@@ -243,6 +245,8 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
               'cases-comments',
               'cases-configure',
               'cases-user-actions',
+              'exception-list',
+              'exception-list-agnostic',
               ...savedObjectTypes,
             ],
           },

diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/roles_users_utils/index.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/roles_users_utils/index.ts
@@ -100,7 +100,6 @@ interface RoleInterface {
       siem: string[];
       actions: string[];
       builtInAlerts: string[];
-      savedObjectsManagement: string[];
     };
     spaces: string[];
   }>;
-Original file line number
+Diff line change
@@ Expand Up @@
     ```json
     "builtInAlerts": ["all"],
-    "savedObjectsManagement": ["all"]
     ```
     privileges whereas the T1 and T2 have "read" privileges which prevents them from creating rules
@@ Expand Down @@