From a4000f43b19875c7a4d503afca5374c4c8a9676b Mon Sep 17 00:00:00 2001
From: Devin Hurley <devin.hurley@elastic.co>
Date: Mon, 11 Jan 2021 17:44:46 -0500
Subject: [PATCH] update scripts roles to include maintenance for roles that do
 not have privileges higher than 'maintenance'

---
 .../scripts/roles_users/reader/detections_role.json             | 2 +-
 .../scripts/roles_users/rule_author/detections_role.json        | 2 +-
 .../scripts/roles_users/t1_analyst/detections_role.json         | 2 +-
 .../scripts/roles_users/t2_analyst/detections_role.json         | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/reader/detections_role.json b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/reader/detections_role.json
index cc473aed405c1..de2aa18386188 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/reader/detections_role.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/reader/detections_role.json
@@ -14,7 +14,7 @@
         "names": [
           "*"
         ],
-        "privileges": ["read", "view_index_metadata"]
+        "privileges": ["read", "maintenance", "view_index_metadata"]
       }
     ]
   },
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/rule_author/detections_role.json b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/rule_author/detections_role.json
index f4950a25fdb77..da69643f3c2d3 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/rule_author/detections_role.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/rule_author/detections_role.json
@@ -18,7 +18,7 @@
       },
       {
         "names": [".siem-signals-*"],
-        "privileges": ["read", "write", "view_index_metadata"]
+        "privileges": ["read", "write", "maintenance", "view_index_metadata"]
       }
     ]
   },
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/t1_analyst/detections_role.json b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/t1_analyst/detections_role.json
index 87be597e4bdb5..10b0ffc9d9890 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/t1_analyst/detections_role.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/t1_analyst/detections_role.json
@@ -2,7 +2,7 @@
   "elasticsearch": {
     "cluster": [],
     "indices": [
-      { "names": [".siem-signals-*"], "privileges": ["read", "write"] },
+      { "names": [".siem-signals-*"], "privileges": ["read", "write", "maintenance"] },
       {
         "names": [
           "apm-*-transaction*",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/t2_analyst/detections_role.json b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/t2_analyst/detections_role.json
index 18ada2ef7ab21..58a069e03985c 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/t2_analyst/detections_role.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/t2_analyst/detections_role.json
@@ -2,7 +2,7 @@
   "elasticsearch": {
     "cluster": [],
     "indices": [
-      { "names": [".siem-signals-*"], "privileges": ["read", "write"] },
+      { "names": [".siem-signals-*"], "privileges": ["read", "write", "maintenance"] },
       {
         "names": [
           ".lists*",