elastic · ymao1 · Mar 18, 2022 · Mar 4, 2022 · Mar 4, 2022 · Mar 7, 2022
diff --git a/docs/user/security/audit-logging.asciidoc b/docs/user/security/audit-logging.asciidoc
@@ -213,6 +213,10 @@ Refer to the corresponding {es} logs for potential write errors.
 | `success` | User has accessed a rule.
 | `failure` | User is not authorized to access a rule.
 
+.2+| `rule_get_execution_log`
+| `success` | User has accessed execution log for a rule.
+| `failure` | User is not authorized to access execution log for a rule.
+
 .2+| `rule_find`
 | `success` | User has accessed a rule as part of a search operation.
 | `failure` | User is not authorized to search for rules.

diff --git a/x-pack/plugins/alerting/README.md b/x-pack/plugins/alerting/README.md
@@ -643,6 +643,7 @@ When a user is granted the `read` role in the Alerting Framework, they will be a
 - `get`
 - `getRuleState`
 - `getAlertSummary`
+- `getExecutionLog`
 - `find`
 
 When a user is granted the `all` role in the Alerting Framework, they will be able to execute all of the `read` privileged api calls, but in addition they'll be granted the following calls:

diff --git a/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts b/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts
@@ -30,6 +30,7 @@ export enum ReadOperations {
   Get = 'get',
   GetRuleState = 'getRuleState',
   GetAlertSummary = 'getAlertSummary',
+  GetExecutionLog = 'getExecutionLog',
   Find = 'find',
 }