diff --git a/packages/kbn-es/src/serverless_resources/security_roles.json b/packages/kbn-es/src/serverless_resources/security_roles.json
index 5ac286a41c164..c02151ae8e2a3 100644
--- a/packages/kbn-es/src/serverless_resources/security_roles.json
+++ b/packages/kbn-es/src/serverless_resources/security_roles.json
@@ -1,11 +1,117 @@ { + "viewer": { + "name": "viewer", + "elasticsearch": { + "cluster": [], + "indices": [ + { + "names": [".lists-*", ".siem-signals-*", ".items-*"], + "privileges": ["read", "view_index_metadata"] + }, + { + "names": [".alerts*", ".preview.alerts*", ".internal.alerts-security.alerts-*"], + "privileges": ["read", "view_index_metadata"] + }, + { + "names": [ + "apm-*-transaction*", + "traces-apm*", + "auditbeat-*", + "endgame-*", + "filebeat-*", + "logs-*", + "packetbeat-*", + "winlogbeat-*", + "metrics-endpoint.metadata_current_*", + ".fleet-agents*", + ".fleet-actions*", + "risk-score.risk-score-*" + ], + "privileges": ["read"] + } + ], + "run_as": [] + }, + "kibana": [ + { + "feature": { + "ml": ["read"], + "siem": ["read", "read_alerts", "endpoint_list_read"], + "securitySolutionAssistant": ["all"], + "securitySolutionCases": ["read"], + "actions": ["read"], + "builtInAlerts": ["read"], + "osquery":["read"], + "discover": ["all"], + "dashboard": ["all"], + "canvas": ["all"], + "graph": ["all"], + "maps": ["all"], + "visualize": ["all"] + }, + "spaces": ["*"], + "base": [] + } + ] + }, + "editor": { + "name": "editor", + "elasticsearch": { + "cluster": [], + "indices": [ + { + "names": [".lists-*", ".siem-signals-*", ".items-*"], + "privileges": ["read", "view_index_metadata", "write", "maintenance"] + }, + { + "names": [".alerts*", ".preview.alerts*", ".internal.alerts*", "risk-score.risk-score-*"], + "privileges": ["read", "view_index_metadata", "write", "maintenance"] + }, + { + "names": [ + "apm-*-transaction*", + "traces-apm*", + "auditbeat-*", + "endgame-*", + "filebeat-*", + "logs-*", + "packetbeat-*", + "winlogbeat-*" + ], + "privileges": ["read", "write"] + } + ], + "run_as": [] + }, + "kibana": [ + { + "feature": { + "ml": ["read"], + "siem": ["all", "read_alerts", "crud_alerts", "endpoint_list_all", "trusted_applications_all", "event_filters_all", "host_isolation_exceptions_all", "blocklist_all", "policy_management_read", 
"host_isolation_all", "process_operations_all", "actions_log_management_all", "file_operations_all"], + "securitySolutionAssistant": ["all"], + "securitySolutionCases": ["all"], + "actions": ["read"], + "builtInAlerts": ["all"], + "osquery":["all"], + "discover": ["all"], + "dashboard": ["all"], + "canvas": ["all"], + "graph": ["all"], + "maps": ["all"], + "visualize": ["all"] + }, + "spaces": ["*"], + "base": [] + } + ] + }, "t1_analyst": { "name": "t1_analyst", "elasticsearch": { "cluster": [], "indices": [ { - "names": [".alerts-security*", ".siem-signals-*"], + "names": [".alerts-security*", ".siem-signals-*", ".internal.alerts-security.alerts-*"], "privileges": ["read", "write", "maintenance"] }, { @@ -20,7 +126,8 @@ "winlogbeat-*", "metrics-endpoint.metadata_current_*", ".fleet-agents*", - ".fleet-actions*" + ".fleet-actions*", + "risk-score.risk-score-*" ], "privileges": ["read"] } @@ -31,11 +138,18 @@ { "feature": { "ml": ["read"], - "siem": ["read", "read_alerts"], + "siem": ["read", "read_alerts", "endpoint_list_read"], "securitySolutionAssistant": ["all"], "securitySolutionCases": ["read"], "actions": ["read"], - "builtInAlerts": ["read"] + "builtInAlerts": ["read"], + "osquery":["read", "run_saved_queries"], + "discover": ["all"], + "dashboard": ["all"], + "canvas": ["all"], + "graph": ["all"], + "maps": ["all"], + "visualize": ["all"] }, "spaces": ["*"], "base": [] @@ -48,7 +162,7 @@ "cluster": [], "indices": [ { - "names": [".alerts-security*", ".siem-signals-*"], + "names": [".alerts-security*", ".siem-signals-*", ".internal.alerts-security.alerts-*"], "privileges": ["read", "write", "maintenance"] }, { @@ -65,7 +179,8 @@ "winlogbeat-*", "metrics-endpoint.metadata_current_*", ".fleet-agents*", - ".fleet-actions*" + ".fleet-actions*", + "risk-score.risk-score-*" ], "privileges": ["read"] } 
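Review bot: The new `viewer` role in the first hunk is read-only on every security feature (`siem`, `securitySolutionCases`, `builtInAlerts`, `osquery`) but is granted `all` on `discover`, `dashboard`, `canvas`, `graph`, `maps` and `visualize`, plus `securitySolutionAssistant`. In Kibana an `all` feature privilege lets the holder create and edit that feature's saved objects, so a role named viewer can still modify shared dashboards and visualizations; unless that is intended, these entries would read `"dashboard": ["read"]`, `"visualize": ["read"]` and so on. The `viewer` and `editor` index patterns are also wider than the analyst roles' (`.alerts*` and `.internal.alerts*` versus `.alerts-security*`), which appears to reach alert indices outside the security solution. If this file mirrors role definitions maintained elsewhere, naming that source in the PR description would let a reviewer confirm the widening is deliberate.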
@@ -76,11 +191,18 @@ { "feature": { "ml": ["read"], - "siem": ["read", "read_alerts"], + "siem": ["read", "read_alerts", "endpoint_list_read"], "securitySolutionAssistant": ["all"], "securitySolutionCases": ["read"], "actions": ["read"], - "builtInAlerts": ["read"] + "builtInAlerts": ["read"], + "osquery":["read", "run_saved_queries"], + "discover": ["all"], + "dashboard": ["all"], + "canvas": ["all"], + "graph": ["all"], + "maps": ["all"], + "visualize": ["all"] }, "spaces": ["*"], "base": [] @@ -106,7 +228,7 @@ "privileges": ["read", "write"] }, { - "names": [".alerts-security*", ".siem-signals-*"], + "names": [".alerts-security*", ".siem-signals-*", ".internal.alerts-security.alerts-*"], "privileges": ["read", "write"] }, { @@ -114,7 +236,7 @@ "privileges": ["read", "write"] }, { - "names": ["metrics-endpoint.metadata_current_*", ".fleet-agents*", ".fleet-actions*"], + "names": ["metrics-endpoint.metadata_current_*", ".fleet-agents*", ".fleet-actions*", "risk-score.risk-score-*"], "privileges": ["read"] } ], 
@@ -140,9 +262,74 @@ "file_operations_all" ], "securitySolutionCases": ["all"], + "securitySolutionAssistant": ["all"], "actions": ["read"], "builtInAlerts": ["all"], - "osquery": ["all"] + "osquery": ["all"], + "discover": ["all"], + "dashboard": ["all"], + "canvas": ["all"], + "graph": ["all"], + "maps": ["all"], + "visualize": ["all"] + }, + "spaces": ["*"], + "base": [] + } + ] + }, + "threat_intelligence_analyst": { + "name": "threat_intelligence_analyst", + "elasticsearch": { + "cluster": [], + "indices":[ + { + "names": [".alerts-security*", ".siem-signals-*", ".internal.alerts-security.alerts-*"], + "privileges": ["read", "write", "maintenance"] + }, + { + "names": [ + "apm-*-transaction*", + "traces-apm*", + "auditbeat-*", + "endgame-*", + "filebeat-*", + "logs-*", + ".lists*", + ".items*", + "packetbeat-*", + "winlogbeat-*" + ], + "privileges": ["read"] + }, + { + "names": [ + "metrics-endpoint.metadata_current_*", + ".fleet-actions*", + ".fleet-agents*", + "risk-score.risk-score-*" + ], + "privileges": ["read"] + } + ], + "run_as": [] + }, + "kibana": [ + { + "feature": { + "ml": ["read"], + "siem": ["read", "read_alerts", "endpoint_list_read", "blocklist_all"], + "securitySolutionAssistant": ["all"], + "securitySolutionCases": ["all"], + "actions": ["read"], + "builtInAlerts": ["read"], + "osquery": ["all"], + "discover": ["all"], + "dashboard": ["all"], + "canvas": ["all"], + "graph": ["all"], + "maps": ["all"], + "visualize": ["all"] }, "spaces": ["*"], "base": [] @@ -163,9 +350,7 @@ "filebeat-*", "logs-*", "packetbeat-*", - "winlogbeat-*", - ".lists*", - ".items*" + "winlogbeat-*" ], "privileges": ["read", "write"] }, 
@@ -173,13 +358,20 @@ "names": [ ".alerts-security*", ".preview.alerts-security*", + ".internal.alerts-security.alerts-*", ".internal.preview.alerts-security*", ".siem-signals-*" ], "privileges": ["read", "write", "maintenance", "view_index_metadata"] }, { - "names": ["metrics-endpoint.metadata_current_*", ".fleet-agents*", ".fleet-actions*"], + "names": [".lists*", ".items*"], + "privileges": [ + "read", "write" + ] + }, + { + "names": ["metrics-endpoint.metadata_current_*", ".fleet-agents*", ".fleet-actions*", "risk-score.risk-score-*"], "privileges": ["read"] } ], @@ -189,11 +381,18 @@ { "feature": { "ml": ["read"], - "siem": ["all", "read_alerts", "crud_alerts"], + "siem": ["all", "read_alerts", "crud_alerts", "policy_management_all", "endpoint_list_all", "trusted_applications_all", "event_filters_all", "host_isolation_exceptions_read", "blocklist_all", "actions_log_management_read"], "securitySolutionAssistant": ["all"], "securitySolutionCases": ["all"], "actions": ["read"], - "builtInAlerts": ["all"] + "builtInAlerts": ["all"], + "osquery": ["all"], + "discover": ["all"], + "dashboard": ["all"], + "canvas": ["all"], + "graph": ["all"], + "maps": ["all"], + "visualize": ["all"] }, "spaces": ["*"], "base": [] @@ -224,13 +423,14 @@ "names": [ ".alerts-security*", ".preview.alerts-security*", + ".internal.alerts-security.alerts-*", ".internal.preview.alerts-security*", ".siem-signals-*" ], "privileges": ["read", "write", "manage"] }, { - "names": ["metrics-endpoint.metadata_current_*", ".fleet-agents*", ".fleet-actions*"], + "names": ["metrics-endpoint.metadata_current_*", ".fleet-agents*", ".fleet-actions*", "risk-score.risk-score-*"], "privileges": ["read"] } ], 
@@ -240,11 +440,18 @@ { "feature": { "ml": ["read"], - "siem": ["all", "read_alerts", "crud_alerts"], + "siem": ["all", "read_alerts", "crud_alerts", "policy_management_all", "endpoint_list_all", "trusted_applications_all","event_filters_all","host_isolation_exceptions_all","blocklist_all","host_isolation_all","process_operations_all","actions_log_management_all","file_operations_all","execute_operations_all"], "securitySolutionAssistant": ["all"], "securitySolutionCases": ["all"], "actions": ["all"], - "builtInAlerts": ["all"] + "builtInAlerts": ["all"], + "osquery": ["all"], + "discover": ["all"], + "dashboard": ["all"], + "canvas": ["all"], + "graph": ["all"], + "maps": ["all"], + "visualize": ["all"] }, "spaces": ["*"], "base": [] @@ -254,7 +461,7 @@ "detections_admin": { "name": "detections_admin", "elasticsearch": { - "cluster": ["manage"], + "cluster": ["manage_index_templates", "manage_transform"], "indices": [ { "names": [ @@ -262,6 +469,7 @@ ".alerts-security*", ".preview.alerts-security*", ".internal.preview.alerts-security*", + ".internal.alerts-security.alerts-*", ".lists*", ".items*", "apm-*-transaction*", @@ -278,6 +486,10 @@ { "names": ["metrics-endpoint.metadata_current_*", ".fleet-agents*", ".fleet-actions*"], "privileges": ["read"] + }, + { + "names": ["risk-score.risk-score-*"], + "privileges": ["all"] } ], "run_as": [] @@ -289,9 +501,15 @@ "siem": ["all", "read_alerts", "crud_alerts"], "securitySolutionAssistant": ["all"], "securitySolutionCases": ["all"], - "actions": ["read"], + "actions": ["all"], "builtInAlerts": ["all"], - "dev_tools": ["all"] + "dev_tools": ["all"], + "discover": ["all"], + "dashboard": ["all"], + "canvas": ["all"], + "graph": ["all"], + "maps": ["all"], + "visualize": ["all"] }, "spaces": ["*"], "base": [] @@ -327,6 +545,7 @@ "names": [ ".alerts-security*", ".preview.alerts-security*", + ".internal.alerts-security.alerts-*", ".internal.preview.alerts-security*", ".siem-signals-*" ], 
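Review bot: The `risk-score.risk-score-*` entry added for `detections_admin` in hunk `@@ -278,6 +486,10 @@` grants `"privileges": ["all"]`, while every other role touched by this diff gets only `read` on the same pattern. `all` on an index pattern includes deleting the indices and changing their settings, which works against the narrowing of `cluster` from `manage` to `manage_index_templates`, `manage_transform` two hunks earlier. I would list the privileges the role actually needs, for instance `"privileges": ["read", "write", "maintenance"]` if that is enough for risk-score setup (to be confirmed against what the feature calls). The same role also moves `actions` from `read` to `all` in hunk `@@ -289,9 +501,15 @@`, which deserves a line of justification in the PR description.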
@@ -339,11 +558,145 @@ { "feature": { "ml": ["all"], - "siem": ["all", "read_alerts", "crud_alerts"], + "siem": ["all", "read_alerts", "crud_alerts", "policy_management_all","endpoint_list_all","trusted_applications_all","event_filters_all","host_isolation_exceptions_all","blocklist_all","actions_log_management_read"], + "securitySolutionAssistant": ["all"], + "securitySolutionCases": ["all"], + "actions": ["all"], + "builtInAlerts": ["all"], + "fleet": ["all"], + "fleetv2": ["all"], + "indexPatterns": ["all"], + "osquery": ["all"], + "discover": ["all"], + "dashboard": ["all"], + "canvas": ["all"], + "graph": ["all"], + "maps": ["all"], + "visualize": ["all"] + }, + "spaces": ["*"], + "base": [] + } + ] + }, + "endpoint_operations_analyst": { + "name": "endpoint_operations_analyst", + "elasticsearch": { + "cluster": [], + "indices": [ + { + "names": ["metrics-endpoint.metadata_current_*", ".fleet-actions*",".fleet-agents*"], + "privileges": ["read"] + }, + { + "names": [ + "apm-*-transaction*", + "traces-apm*", + "auditbeat-*", + "endgame-*", + "filebeat-*", + "logs-*", + "packetbeat-*", + "winlogbeat-*", + ".lists*", + ".items*", + "risk-score.risk-score-*" + ], + "privileges": ["read"] + }, + { + "names": [ + ".alerts-security*", + ".preview.alerts-security*", + ".internal.alerts-security.alerts-*", + ".internal.preview.alerts-security*", + ".siem-signals-*" + ], + "privileges": ["read", "write"] + } + ], + "run_as": [] + }, + "kibana": [ + { + "feature": { + "ml": ["all"], + "siem": ["all", "read_alerts", "policy_management_all","endpoint_list_all","trusted_applications_all","event_filters_all","host_isolation_exceptions_all","blocklist_all", "host_isolation_all", "process_operations_all","actions_log_management_read", "file_operations_all","execute_operations_all"], "securitySolutionAssistant": ["all"], "securitySolutionCases": ["all"], "actions": ["all"], - "builtInAlerts": ["all"] + "builtInAlerts": ["all"], + "fleet": ["all"], + "fleetv2": ["all"], + 
"osquery": ["all"], + "discover": ["all"], + "dashboard": ["all"], + "canvas": ["all"], + "graph": ["all"], + "maps": ["all"], + "visualize": ["all"] + }, + "spaces": ["*"], + "base": [] + } + ] + }, + "endpoint_policy_manager": { + "name": "endpoint_policy_manager", + "elasticsearch": { + "cluster": [], + "indices": [ + { + "names": ["metrics-endpoint.metadata_current_*", ".fleet-actions*",".fleet-agents*"], + "privileges": ["read"] + }, + { + "names": [ + "apm-*-transaction*", + "traces-apm*", + "auditbeat-*", + "endgame-*", + "filebeat-*", + "logs-*", + "packetbeat-*", + "winlogbeat-*", + ".lists*", + ".items*", + "risk-score.risk-score-*" + ], + "privileges": ["read"] + }, + { + "names": [ + ".alerts-security*", + ".preview.alerts-security*", + ".internal.alerts-security.alerts-*", + ".internal.preview.alerts-security*", + ".siem-signals-*" + ], + "privileges": ["read", "write","manage"] + } + ], + "run_as": [] + }, + "kibana": [ + { + "feature": { + "ml": ["all"], + "siem": ["all", "read_alerts","crud_alerts", "policy_management_all","endpoint_list_all","trusted_applications_all","event_filters_all","host_isolation_exceptions_all","blocklist_all"], + "securitySolutionAssistant": ["all"], + "securitySolutionCases": ["all"], + "actions": ["all"], + "builtInAlerts": ["all"], + "fleet": ["all"], + "fleetv2": ["all"], + "osquery": ["all"], + "discover": ["all"], + "dashboard": ["all"], + "canvas": ["all"], + "graph": ["all"], + "maps": ["all"], + "visualize": ["all"] }, "spaces": ["*"], "base": [] diff --git a/x-pack/plugins/security_solution/common/test/index.ts b/x-pack/plugins/security_solution/common/test/index.ts index ac2fd661320ce..ca065b08b54ac 100644 --- a/x-pack/plugins/security_solution/common/test/index.ts +++ b/x-pack/plugins/security_solution/common/test/index.ts 
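Review bot: `endpoint_operations_analyst` is given Elasticsearch `read`, `write` on `.alerts-security*`, `.internal.alerts-security.alerts-*` and `.siem-signals-*`, but its `siem` feature list has `read_alerts` without `crud_alerts`, unlike `endpoint_policy_manager` added in the same hunk. The role is also commented out of `CAN_UPDATE_ALERT_STATUS` in `alert_status_privileges.cy.ts`, which suggests the UI does not let it change alerts, while the index privilege would still permit writes for any caller holding the role that can reach Elasticsearch directly. Either reduce the index entry to `"privileges": ["read"]` or add `"crud_alerts"` to the `siem` list, so the Kibana and Elasticsearch layers agree.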
@@ -18,13 +18,18 @@ export type SecurityRoleName = ServerlessSecurityRoleName | EssSecurityRoleName; export enum ROLES { // Serverless roles + viewer = 'viewer', + editor = 'editor', t1_analyst = 't1_analyst', t2_analyst = 't2_analyst', t3_analyst = 't3_analyst', + threat_intelligence_analyst = 'threat_intelligence_analyst', rule_author = 'rule_author', soc_manager = 'soc_manager', detections_admin = 'detections_admin', platform_engineer = 'platform_engineer', + endpoint_operations_analyst = 'endpoint_operations_analyst', + endpoint_policy_manager = 'endpoint_policy_manager', // ESS roles reader = 'reader', hunter = 'hunter', diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/read_privileges.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/read_privileges.ts index b95c6771367f4..df53ceaebe475 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/read_privileges.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/read_privileges.ts 
@@ -478,31 +478,31 @@ export default ({ getService }: FtrProviderContext) => { username: 'detections_admin', has_all_requested: false, cluster: { - monitor_ml: true, + monitor_ml: false, manage_ccr: false, manage_index_templates: true, - monitor_watcher: true, + monitor_watcher: false, monitor_transform: true, - read_ilm: true, + read_ilm: false, manage_api_key: false, manage_security: false, manage_own_api_key: false, manage_saml: false, all: false, - manage_ilm: true, - manage_ingest_pipelines: true, + manage_ilm: false, + manage_ingest_pipelines: false, read_ccr: false, - manage_rollup: true, - monitor: true, - manage_watcher: true, - manage: true, + manage_rollup: false, + monitor: false, + manage_watcher: false, + manage: false, manage_transform: true, manage_token: false, - manage_ml: true, - manage_pipeline: true, - monitor_rollup: true, - transport_client: true, - create_snapshot: true, + manage_ml: false, + manage_pipeline: false, + monitor_rollup: false, + transport_client: false, + create_snapshot: false, }, index: { '.alerts-security.alerts-default': { diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_status.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_status/alert_status.cy.ts similarity index 92% rename from x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_status.cy.ts rename to x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_status/alert_status.cy.ts index ca90e9b72efd1..f2de3c97675ff 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_status.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_status/alert_status.cy.ts 
@@ -5,8 +5,8 @@ * 2.0. */ -import { getNewRule } from '../../../objects/rule'; -import { ALERTS_COUNT, SELECTED_ALERTS } from '../../../screens/alerts'; +import { getNewRule } from '../../../../objects/rule'; +import { ALERTS_COUNT, SELECTED_ALERTS } from '../../../../screens/alerts'; import { selectNumberOfAlerts, @@ -20,14 +20,14 @@ import { goToOpenedAlerts, openAlerts, openFirstAlert, -} from '../../../tasks/alerts'; -import { createRule } from '../../../tasks/api_calls/rules'; -import { deleteAlertsAndRules } from '../../../tasks/common'; -import { waitForAlertsToPopulate } from '../../../tasks/create_new_rule'; -import { login } from '../../../tasks/login'; -import { visit } from '../../../tasks/navigation'; - -import { ALERTS_URL } from '../../../urls/navigation'; +} from '../../../../tasks/alerts'; +import { createRule } from '../../../../tasks/api_calls/rules'; +import { deleteAlertsAndRules } from '../../../../tasks/common'; +import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule'; +import { login } from '../../../../tasks/login'; +import { visit } from '../../../../tasks/navigation'; + +import { ALERTS_URL } from '../../../../urls/navigation'; // FLAKY: https://github.com/elastic/kibana/issues/169091 describe('Changing alert status', { tags: ['@ess', '@serverless'] }, () => { diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_status/alert_status_privileges.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_status/alert_status_privileges.cy.ts new file mode 100644 index 0000000000000..3e98d1254cf43 --- /dev/null +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_status/alert_status_privileges.cy.ts 
@@ -0,0 +1,92 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ROLES, SecurityRoleName } from '@kbn/security-solution-plugin/common/test';
+import { getNewRule } from '../../../../objects/rule';
+import { ALERTS_COUNT, SELECTED_ALERTS } from '../../../../screens/alerts';
+
+import {
+ selectNumberOfAlerts,
+ waitForAlerts,
+ closeFirstAlert,
+ goToClosedAlerts,
+} from '../../../../tasks/alerts';
+import { createRule } from '../../../../tasks/api_calls/rules';
+import { deleteAlertsAndRules } from '../../../../tasks/common';
+import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
+import { login } from '../../../../tasks/login';
+import { visit } from '../../../../tasks/navigation';
+
+import { ALERTS_URL } from '../../../../urls/navigation';
+
+const CAN_UPDATE_ALERT_STATUS: SecurityRoleName[] = [
+ ROLES.t1_analyst,
+ ROLES.t2_analyst,
+ // ROLES.t3_analyst,
+ ROLES.threat_intelligence_analyst,
+ ROLES.rule_author,
+ ROLES.detections_admin,
+ ROLES.soc_manager,
+ ROLES.platform_engineer,
+ // ROLES.endpoint_operations_analyst,
+ ROLES.endpoint_policy_manager,
+];
+
+describe('Changing alert status privileges', { tags: ['@ess', '@serverless'] }, () => {
+ before(() => {
+ cy.task('esArchiverLoad', { archiveName: 'auditbeat_big' });
+ });
+
+ after(() => {
+ cy.task('esArchiverUnload', 'auditbeat_big');
+ });
+
+ beforeEach(() => {
+ deleteAlertsAndRules();
+ login();
+ visit(ALERTS_URL);
+ createRule(getNewRule({ rule_id: '1', max_signals: 100 }));
+ waitForAlertsToPopulate();
+ });
+
+ describe('can update status', () => {
+ CAN_UPDATE_ALERT_STATUS.forEach((role) => {
+ it(`${role} can close an alert`, () => {
+ const numberOfAlertsToBeClosed = 1;
+
+ login(role);
+ visit(ALERTS_URL, { role });
+ waitForAlertsToPopulate();
+
+ cy.get(ALERTS_COUNT)
+ .invoke('text')
+ .then((alertNumberString) => {
+ const numberOfAlerts = alertNumberString.split(' ')[0];
+ cy.get(ALERTS_COUNT).should('have.text', `${numberOfAlerts} alerts`);
+
+ selectNumberOfAlerts(numberOfAlertsToBeClosed);
+
+ cy.get(SELECTED_ALERTS).should(
+ 'have.text',
+ `Selected ${numberOfAlertsToBeClosed} alert`
+ );
+
+ closeFirstAlert();
+ waitForAlerts();
+
+ const expectedNumberOfAlertsAfterClosing = +numberOfAlerts - numberOfAlertsToBeClosed;
+ cy.get(ALERTS_COUNT).contains(expectedNumberOfAlertsAfterClosing);
+
+ goToClosedAlerts();
+ waitForAlerts();
+
+ cy.get(ALERTS_COUNT).contains(numberOfAlertsToBeClosed);
+ });
+ });
+ });
+ });
+});
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_tags.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_tags/alert_tags.cy.ts
similarity index 85%
rename from x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_tags.cy.ts
rename to x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_tags/alert_tags.cy.ts
index ee3955576a272..e74fce07854f4 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_tags.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_tags/alert_tags.cy.ts
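Review bot: `alert_status_privileges.cy.ts` only exercises the allow side: there is no `CANNOT_UPDATE_ALERT_STATUS` list, so nothing fails if a read-only role such as `ROLES.viewer` gains the ability to close alerts. `ROLES.t3_analyst` and `ROLES.endpoint_operations_analyst` are commented out of `CAN_UPDATE_ALERT_STATUS` with no reason given, so a reader cannot tell whether they are expected to be denied or were skipped because of a failure. The same unexplained commented-out entries appear in `alert_tags_privileges.cy.ts`, `value_lists_privileges.cy.ts` and `rule_exceptions_privileges.cy.ts`. I would add `const CANNOT_UPDATE_ALERT_STATUS: SecurityRoleName[] = [ROLES.viewer];` with a matching `describe('cannot update status', ...)` block, and put a comment such as `// TODO(<issue link>): role disabled because <reason>` above each commented-out role.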
@@ -5,25 +5,25 @@ * 2.0. */ -import { getNewRule } from '../../../objects/rule'; +import { getNewRule } from '../../../../objects/rule'; import { clickAlertTag, openAlertTaggingBulkActionMenu, selectNumberOfAlerts, updateAlertTags, -} from '../../../tasks/alerts'; -import { createRule } from '../../../tasks/api_calls/rules'; -import { deleteAlertsAndRules } from '../../../tasks/common'; -import { login } from '../../../tasks/login'; -import { visitWithTimeRange } from '../../../tasks/navigation'; -import { ALERTS_URL } from '../../../urls/navigation'; -import { waitForAlertsToPopulate } from '../../../tasks/create_new_rule'; +} from '../../../../tasks/alerts'; +import { createRule } from '../../../../tasks/api_calls/rules'; +import { deleteAlertsAndRules } from '../../../../tasks/common'; +import { login } from '../../../../tasks/login'; +import { visitWithTimeRange } from '../../../../tasks/navigation'; +import { ALERTS_URL } from '../../../../urls/navigation'; +import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule'; import { ALERTS_TABLE_ROW_LOADER, MIXED_ALERT_TAG, SELECTED_ALERT_TAG, UNSELECTED_ALERT_TAG, -} from '../../../screens/alerts'; +} from '../../../../screens/alerts'; describe('Alert tagging', { tags: ['@ess', '@serverless'] }, () => { beforeEach(() => { diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_tags/alert_tags_privileges.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_tags/alert_tags_privileges.cy.ts new file mode 100644 index 0000000000000..cbf57c12806ae --- /dev/null +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_tags/alert_tags_privileges.cy.ts 
@@ -0,0 +1,102 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ROLES, SecurityRoleName } from '@kbn/security-solution-plugin/common/test';
+
+import { getNewRule } from '../../../../objects/rule';
+import {
+ clickAlertTag,
+ openAlertTaggingBulkActionMenu,
+ selectNumberOfAlerts,
+ updateAlertTags,
+} from '../../../../tasks/alerts';
+import { createRule } from '../../../../tasks/api_calls/rules';
+import { deleteAlertsAndRules } from '../../../../tasks/common';
+import { login } from '../../../../tasks/login';
+import { visitWithTimeRange } from '../../../../tasks/navigation';
+import { ALERTS_URL } from '../../../../urls/navigation';
+import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
+import {
+ ALERTS_TABLE_ROW_LOADER,
+ ALERT_TAGGING_CONTEXT_MENU_ITEM,
+ SELECTED_ALERT_TAG,
+ TAKE_ACTION_POPOVER_BTN,
+ UNSELECTED_ALERT_TAG,
+} from '../../../../screens/alerts';
+
+const CANNOT_INTERACT_WITH_TAGS: SecurityRoleName[] = [ROLES.viewer];
+
+const CAN_INTERACT_WITH_TAGS: SecurityRoleName[] = [
+ ROLES.editor,
+ ROLES.t1_analyst,
+ ROLES.t2_analyst,
+ // ROLES.t3_analyst,
+ ROLES.threat_intelligence_analyst,
+ ROLES.rule_author,
+ ROLES.detections_admin,
+ ROLES.soc_manager,
+ ROLES.platform_engineer,
+ // ROLES.endpoint_operations_analyst,
+ ROLES.endpoint_policy_manager,
+];
+
+describe('Alert tagging privileges', { tags: ['@ess', '@serverless'] }, () => {
+ beforeEach(() => {
+ deleteAlertsAndRules();
+ login();
+ visitWithTimeRange(ALERTS_URL);
+ cy.task('esArchiverLoad', { archiveName: 'endpoint' });
+ createRule(getNewRule({ rule_id: 'new custom rule' }));
+ waitForAlertsToPopulate();
+ });
+
+ afterEach(() => {
+ cy.task('esArchiverUnload', 'endpoint');
+ });
+
+ describe('have write privileges', () => {
+ CAN_INTERACT_WITH_TAGS.forEach((role) => {
+ it(`${role} can add and remove a tag using the alert bulk action menu`, () => {
+ login(role);
+ visitWithTimeRange(ALERTS_URL, { role });
+ waitForAlertsToPopulate();
+
+ // Add a tag to one alert
+ selectNumberOfAlerts(1);
+ openAlertTaggingBulkActionMenu();
+ clickAlertTag('Duplicate');
+ updateAlertTags();
+ cy.get(ALERTS_TABLE_ROW_LOADER).should('not.exist');
+ selectNumberOfAlerts(1);
+ openAlertTaggingBulkActionMenu();
+ cy.get(SELECTED_ALERT_TAG).contains('Duplicate');
+ // Remove tag from that alert
+ clickAlertTag('Duplicate');
+ updateAlertTags();
+ cy.get(ALERTS_TABLE_ROW_LOADER).should('not.exist');
+ selectNumberOfAlerts(1);
+ openAlertTaggingBulkActionMenu();
+ cy.get(UNSELECTED_ALERT_TAG).first().contains('Duplicate');
+ });
+ });
+ });
+
+ describe('do not have privileges', () => {
+ CANNOT_INTERACT_WITH_TAGS.forEach((role) => {
+ it(`${role} cannot add and remove a tag using the alert bulk action menu`, () => {
+ login(role);
+ visitWithTimeRange(ALERTS_URL, { role });
+ waitForAlertsToPopulate();
+
+ // Add a tag to one alert
+ selectNumberOfAlerts(1);
+ cy.get(TAKE_ACTION_POPOVER_BTN).click();
+ cy.get(ALERT_TAGGING_CONTEXT_MENU_ITEM).should('not.exist');
+ });
+ });
+ });
+});
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/value_lists/permissions.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/value_lists/permissions.cy.ts
deleted file mode 100644
index ddc1f939c08fe..0000000000000
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/value_lists/permissions.cy.ts
+++ /dev/null
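Review bot: In the `do not have privileges` case of `alert_tags_privileges.cy.ts`, `cy.get(ALERT_TAGGING_CONTEXT_MENU_ITEM).should('not.exist')` runs straight after the click on `TAKE_ACTION_POPOVER_BTN`, so it also passes when the popover has not rendered yet or never opens. Asserting first that the popover is open, for example that a menu item the viewer is allowed to see is visible, would make the absence check meaningful. The check is also UI-only: it shows the menu entry is hidden for `ROLES.viewer`, not that a tag update request from that role is rejected, so an API-level assertion for the same role would cover the actual enforcement point. `rule_exceptions_privileges.cy.ts` uses the same `should('not.exist')` shape for `ADD_EXCEPTION_BTN`.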
@@ -1,23 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { ROLES } from '@kbn/security-solution-plugin/common/test';
-
-import { login } from '../../../tasks/login';
-import { visit } from '../../../tasks/navigation';
-import { RULES_MANAGEMENT_URL } from '../../../urls/rules_management';
-import { VALUE_LISTS_MODAL_ACTIVATOR } from '../../../screens/lists';
-
-describe('value list permissions', { tags: ['@ess', '@skipInServerless'] }, () => {
- describe('user with restricted access role', () => {
- it('Does not allow a t1 analyst user to upload a value list', () => {
- login(ROLES.t1_analyst);
- visit(RULES_MANAGEMENT_URL, { role: ROLES.t1_analyst });
- cy.get(VALUE_LISTS_MODAL_ACTIVATOR).should('have.attr', 'disabled');
- });
- });
-});
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/value_lists/value_lists_privileges.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/value_lists/value_lists_privileges.cy.ts
new file mode 100644
index 0000000000000..5355c2876d892
--- /dev/null
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/value_lists/value_lists_privileges.cy.ts
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ROLES, SecurityRoleName } from '@kbn/security-solution-plugin/common/test';
+
+import { login } from '../../../tasks/login';
+import { visit } from '../../../tasks/navigation';
+import { RULES_MANAGEMENT_URL } from '../../../urls/rules_management';
+import { VALUE_LISTS_MODAL_ACTIVATOR } from '../../../screens/lists';
+
+const CAN_IMPORT_VALUE_LISTS: SecurityRoleName[] = [
+ ROLES.t3_analyst,
+ // ROLES.threat_intelligence_analyst,
+ ROLES.rule_author,
+ ROLES.detections_admin,
+ ROLES.soc_manager,
+ ROLES.platform_engineer,
+ // ROLES.endpoint_policy_manager,
+];
+
+const CANNOT_IMPORT_VALUE_LISTS: SecurityRoleName[] = [
+ ROLES.t1_analyst,
+ ROLES.t2_analyst,
+ ROLES.endpoint_operations_analyst,
+];
+
+describe('value list permissions', { tags: ['@ess', '@serverless'] }, () => {
+ CAN_IMPORT_VALUE_LISTS.forEach((role) => {
+ it(`${role} is allowed to upload a value list`, () => {
+ login(role);
+ visit(RULES_MANAGEMENT_URL, { role });
+ cy.get(VALUE_LISTS_MODAL_ACTIVATOR).should('not.have.attr', 'disabled');
+ });
+ });
+
+ CANNOT_IMPORT_VALUE_LISTS.forEach((role) => {
+ it(`${role} is NOT allowed to upload a value list`, () => {
+ login(role);
+ visit(RULES_MANAGEMENT_URL, { role });
+ cy.get(VALUE_LISTS_MODAL_ACTIVATOR).should('have.attr', 'disabled');
+ });
+ });
+});
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/exceptions/alerts_table_flow/rule_exceptions/rule_exceptions_privileges.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/exceptions/alerts_table_flow/rule_exceptions/rule_exceptions_privileges.cy.ts
new file mode 100644
index 0000000000000..0afb5faa7c5b0
--- /dev/null
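Review bot: In `value_lists_privileges.cy.ts`, `ROLES.threat_intelligence_analyst` and `ROLES.endpoint_policy_manager` are commented out of `CAN_IMPORT_VALUE_LISTS` and absent from `CANNOT_IMPORT_VALUE_LISTS`, and `ROLES.viewer` and `ROLES.editor` appear in neither list, so four roles have no value-list assertion at all. In `security_roles.json` from this same commit both commented-out roles get only `read` on `.lists*` and `.items*`, which suggests they belong in the deny list rather than the allow list. If the Kibana side confirms that, I would add `ROLES.threat_intelligence_analyst,` and `ROLES.endpoint_policy_manager,` to `CANNOT_IMPORT_VALUE_LISTS`, and add `ROLES.viewer` there as well so the read-only role is pinned.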
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/exceptions/alerts_table_flow/rule_exceptions/rule_exceptions_privileges.cy.ts 
@@ -0,0 +1,69 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { ROLES, SecurityRoleName } from '@kbn/security-solution-plugin/common/test';
+import { visit } from '../../../../tasks/navigation';
+import { ALERTS_URL } from '../../../../urls/navigation';
+import { ADD_EXCEPTION_BTN } from '../../../../screens/alerts';
+import { LOADING_INDICATOR } from '../../../../screens/security_header';
+import { getNewRule } from '../../../../objects/rule';
+import { createRule } from '../../../../tasks/api_calls/rules';
+import { expandFirstAlertActions } from '../../../../tasks/alerts';
+import { login } from '../../../../tasks/login';
+
+import { deleteAlertsAndRules } from '../../../../tasks/common';
+import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
+
+const CAN_ADD_EXCEPTION: SecurityRoleName[] = [
+ ROLES.t3_analyst,
+ // ROLES.threat_intelligence_analyst,
+ ROLES.rule_author,
+ ROLES.detections_admin,
+ ROLES.soc_manager,
+ ROLES.platform_engineer,
+ ROLES.endpoint_policy_manager,
+];
+
+const CANNOT_ADD_EXCEPTION: SecurityRoleName[] = [
+ ROLES.t1_analyst,
+ ROLES.t2_analyst,
+ // ROLES.endpoint_operations_analyst,
+];
+
+describe('Add exception item from alert privileges', { tags: ['@ess', '@serverless'] }, () => {
+ before(() => {
+ deleteAlertsAndRules();
+ login();
+ visit(ALERTS_URL);
+ createRule(getNewRule());
+ waitForAlertsToPopulate();
+ });
+
+ CAN_ADD_EXCEPTION.forEach((role) => {
+ it(`${role} can create a rule exception item from alert actions overflow menu`, () => {
+ login(role);
+ visit(ALERTS_URL, { role });
+ waitForAlertsToPopulate();
+
+ cy.get(LOADING_INDICATOR).should('not.exist');
+ expandFirstAlertActions();
+ cy.get(ADD_EXCEPTION_BTN).should('exist');
+ cy.get(ADD_EXCEPTION_BTN).should('not.have.attr', 'disabled');
+ });
+ });
+
+ CANNOT_ADD_EXCEPTION.forEach((role) => {
+ it(`${role} cannot create a rule exception item from alert actions overflow menu`, () => {
+ login(role);
+ visit(ALERTS_URL, { role });
+ waitForAlertsToPopulate();
+
+ cy.get(LOADING_INDICATOR).should('not.exist');
+ expandFirstAlertActions();
+ cy.get(ADD_EXCEPTION_BTN).should('not.exist');
+ });
+ });
+});
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/exceptions/rule_details_flow/read_only_view.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/exceptions/rule_details_flow/read_only_view.cy.ts
deleted file mode 100644
index 935668db1a5a6..0000000000000
--- a/x-pack/test/security_solution_cypress/cypress/e2e/exceptions/rule_details_flow/read_only_view.cy.ts
+++ /dev/null
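Review bot: In the `CANNOT_ADD_EXCEPTION` loop, `cy.get(ADD_EXCEPTION_BTN).should('not.exist')` also passes when the overflow menu never opened or has not rendered yet, so a denied role and a broken page look the same to this test unless `expandFirstAlertActions` itself asserts that the menu opened, which this hunk does not show. Anchoring the negative check on something that must be present first would make it meaningful, for example asserting that another item of the opened actions menu is visible before asserting the button's absence; the selector for that is not visible here, so the exact line is left to the author. In the `CAN_ADD_EXCEPTION` loop the `cy.get(ADD_EXCEPTION_BTN).should('exist');` line is redundant, because the following `cy.get` already fails on a missing element, and can be dropped.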
@@ -1,103 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-import { ROLES } from '@kbn/security-solution-plugin/common/test';
-
-import { getExceptionList } from '../../../objects/exception';
-import { getNewRule } from '../../../objects/rule';
-import { createRule } from '../../../tasks/api_calls/rules';
-import { login } from '../../../tasks/login';
-import { visitRulesManagementTable } from '../../../tasks/rules_management';
-import { goToExceptionsTab, goToAlertsTab } from '../../../tasks/rule_details';
-import { goToRuleDetailsOf } from '../../../tasks/alerts_detection_rules';
-import { deleteAlertsAndRules } from '../../../tasks/common';
-import {
- NO_EXCEPTIONS_EXIST_PROMPT,
- EXCEPTION_ITEM_VIEWER_CONTAINER,
- ADD_EXCEPTIONS_BTN_FROM_VIEWER_HEADER,
- ADD_EXCEPTIONS_BTN_FROM_EMPTY_PROMPT_BTN,
-} from '../../../screens/exceptions';
-import { EXCEPTION_ITEM_ACTIONS_BUTTON } from '../../../screens/rule_details';
-import {
- createExceptionList,
- createExceptionListItem,
- deleteExceptionList,
-} from '../../../tasks/api_calls/exceptions';
-
-describe('Exceptions viewer read only', { tags: ['@ess'] }, () => {
- const exceptionList = getExceptionList();
-
- beforeEach(() => {
- deleteAlertsAndRules();
- deleteExceptionList(exceptionList.list_id, exceptionList.namespace_type);
-
- // create rule with exceptions
- createExceptionList(exceptionList, exceptionList.list_id).then((response) => {
- createRule(
- getNewRule({
- name: 'Test exceptions rule',
- query: 'agent.name:*',
- index: ['exceptions*'],
- exceptions_list: [
- {
- id: response.body.id,
- list_id: exceptionList.list_id,
- type: exceptionList.type,
- namespace_type: exceptionList.namespace_type,
- },
- ],
- rule_id: '2',
- })
- );
- });
-
- login(ROLES.t1_analyst);
- visitRulesManagementTable(ROLES.t1_analyst);
- goToRuleDetailsOf('Test exceptions rule');
- goToExceptionsTab();
- });
-
- it('Cannot add an exception from empty viewer screen', () => {
- // when no exceptions exist, empty component shows with action to add exception
- cy.get(NO_EXCEPTIONS_EXIST_PROMPT).should('exist');
-
- // cannot add an exception from empty view
- cy.get(ADD_EXCEPTIONS_BTN_FROM_EMPTY_PROMPT_BTN).should('have.attr', 'disabled');
- });
-
- it('Cannot take actions on exception', () => {
- createExceptionListItem(exceptionList.list_id, {
- list_id: exceptionList.list_id,
- item_id: 'simple_list_item',
- tags: [],
- type: 'simple',
- description: 'Test exception item',
- name: 'Sample Exception List Item',
- namespace_type: 'single',
- entries: [
- {
- field: 'unique_value.test',
- operator: 'included',
- type: 'match_any',
- value: ['bar'],
- },
- ],
- });
-
- goToAlertsTab();
- goToExceptionsTab();
-
- // can view exceptions
- cy.get(NO_EXCEPTIONS_EXIST_PROMPT).should('not.exist');
- cy.get(EXCEPTION_ITEM_VIEWER_CONTAINER).should('have.length', 1);
-
- // cannot access edit/delete actions of item
- cy.get(EXCEPTION_ITEM_ACTIONS_BUTTON).should('have.attr', 'disabled');
-
- // does not display add exception button
- cy.get(ADD_EXCEPTIONS_BTN_FROM_VIEWER_HEADER).should('not.exist');
- });
-});
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/exceptions/rule_details_flow/rule_details_flow_privileges.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/exceptions/rule_details_flow/rule_details_flow_privileges.cy.ts
new file mode 100644
index 0000000000000..5f9ad3a99015c
--- /dev/null
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/exceptions/rule_details_flow/rule_details_flow_privileges.cy.ts
@@ -0,0 +1,220 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { ROLES, SecurityRoleName } from '@kbn/security-solution-plugin/common/test';
+
+import { getExceptionList } from '../../../objects/exception';
+import { getNewRule } from '../../../objects/rule';
+import { createRule } from '../../../tasks/api_calls/rules';
+import { login } from '../../../tasks/login';
+import { goToExceptionsTab } from '../../../tasks/rule_details';
+import { deleteAlertsAndRules } from '../../../tasks/common';
+import {
+ NO_EXCEPTIONS_EXIST_PROMPT,
+ EXCEPTION_ITEM_VIEWER_CONTAINER,
+ ADD_EXCEPTIONS_BTN_FROM_VIEWER_HEADER,
+ ADD_EXCEPTIONS_BTN_FROM_EMPTY_PROMPT_BTN,
+} from '../../../screens/exceptions';
+import { EXCEPTION_ITEM_ACTIONS_BUTTON } from '../../../screens/rule_details';
+import {
+ createExceptionList,
+ createExceptionListItem,
+ deleteExceptionList,
+} from '../../../tasks/api_calls/exceptions';
+import { ruleDetailsUrl } from '../../../urls/rule_details';
+import { visit } from '../../../tasks/navigation';
+
+const CAN_ADD_EXCEPTION: SecurityRoleName[] = [
+ ROLES.t3_analyst,
+ // ROLES.threat_intelligence_analyst,
+ ROLES.rule_author,
+ ROLES.detections_admin,
+ ROLES.soc_manager,
+ ROLES.platform_engineer,
+ ROLES.endpoint_policy_manager,
+];
+
+const CANNOT_ADD_EXCEPTION: SecurityRoleName[] = [
+ ROLES.t1_analyst,
+ ROLES.t2_analyst,
+ // ROLES.endpoint_operations_analyst,
+];
+
+describe('Rule details flow exceptions privileges', { tags: ['@ess', '@serverless'] }, () => {
+ const exceptionList = getExceptionList();
+
+ describe('empty state', () => {
+ beforeEach(() => {
+ deleteAlertsAndRules();
+ deleteExceptionList(exceptionList.list_id, exceptionList.namespace_type);
+ });
+
+ CANNOT_ADD_EXCEPTION.forEach((role) => {
+ it(`${role} cannot add an exception from empty viewer screen`, () => {
+ login(role);
+ createRule(
+ getNewRule({
+ name: 'Test exceptions rule',
+ query: 'agent.name:*',
+ index: ['exceptions*'],
+ rule_id: '2',
+ })
+ ).then((rule) => {
+ visit(ruleDetailsUrl(rule.body.id));
+ });
+
+ goToExceptionsTab();
+
+ // when no exceptions exist, empty component shows with action to add exception
+ cy.get(NO_EXCEPTIONS_EXIST_PROMPT).should('exist');
+
+ // cannot add an exception from empty view
+ cy.get(ADD_EXCEPTIONS_BTN_FROM_EMPTY_PROMPT_BTN).should('have.attr', 'disabled');
+ });
+ });
+
+ CAN_ADD_EXCEPTION.forEach((role) => {
+ it(`${role} can add an exception from empty viewer screen`, () => {
+ login(role);
+ createRule(
+ getNewRule({
+ name: 'Test exceptions rule',
+ query: 'agent.name:*',
+ index: ['exceptions*'],
+ rule_id: '2',
+ })
+ ).then((rule) => {
+ visit(ruleDetailsUrl(rule.body.id));
+ });
+
+ goToExceptionsTab();
+
+ // when no exceptions exist, empty component shows with action to add exception
+ cy.get(NO_EXCEPTIONS_EXIST_PROMPT).should('exist');
+
+ // cannot add an exception from empty view
+ cy.get(ADD_EXCEPTIONS_BTN_FROM_EMPTY_PROMPT_BTN).should('not.have.attr', 'disabled');
+ });
+ });
+ });
+
+ describe('non empty state', () => {
+ beforeEach(() => {
+ deleteAlertsAndRules();
+ deleteExceptionList(exceptionList.list_id, exceptionList.namespace_type);
+ });
+
+ CANNOT_ADD_EXCEPTION.forEach((role) => {
+ it(`${role} cannot take actions on exception`, () => {
+ login(role);
+ createExceptionList(exceptionList, exceptionList.list_id)
+ .then((response) => {
+ return createRule(
+ getNewRule({
+ name: 'Test exceptions rule',
+ query: 'agent.name:*',
+ index: ['exceptions*'],
+ exceptions_list: [
+ {
+ id: response.body.id,
+ list_id: exceptionList.list_id,
+ type: exceptionList.type,
+ namespace_type: exceptionList.namespace_type,
+ },
+ ],
+ rule_id: '2',
+ })
+ );
+ })
+ .then((rule) => {
+ visit(ruleDetailsUrl(rule.body.id));
+ });
+ createExceptionListItem(exceptionList.list_id, {
+ list_id: exceptionList.list_id,
+ item_id: 'simple_list_item',
+ tags: [],
+ type: 'simple',
+ description: 'Test exception item',
+ name: 'Sample Exception List Item',
+ namespace_type: 'single',
+ entries: [
+ {
+ field: 'unique_value.test',
+ operator: 'included',
+ type: 'match_any',
+ value: ['bar'],
+ },
+ ],
+ });
+ goToExceptionsTab();
+
+ // can view exceptions
+ cy.get(NO_EXCEPTIONS_EXIST_PROMPT).should('not.exist');
+ cy.get(EXCEPTION_ITEM_VIEWER_CONTAINER).should('have.length', 1);
+
+ // cannot access edit/delete actions of item
+ cy.get(EXCEPTION_ITEM_ACTIONS_BUTTON).should('have.attr', 'disabled');
+
+ // does not display add exception button
+ cy.get(ADD_EXCEPTIONS_BTN_FROM_VIEWER_HEADER).should('not.exist');
+ });
+ });
+
+ CAN_ADD_EXCEPTION.forEach((role) => {
+ it(`${role} can take actions on exception`, () => {
+ login(role);
+ createExceptionList(exceptionList, exceptionList.list_id).then((response) => {
+ createRule(
+ getNewRule({
+ name: 'Test exceptions rule',
+ query: 'agent.name:*',
+ index: ['exceptions*'],
+ exceptions_list: [
+ {
+ id: response.body.id,
+ list_id: exceptionList.list_id,
+ type: exceptionList.type,
+ namespace_type: exceptionList.namespace_type,
+ },
+ ],
+ rule_id: '2',
+ })
+ ).then((rule) => {
+ createExceptionListItem(exceptionList.list_id, {
+ list_id: exceptionList.list_id,
+ item_id: 'simple_list_item',
+ tags: [],
+ type: 'simple',
+ description: 'Test exception item',
+ name: 'Sample Exception List Item',
+ namespace_type: 'single',
+ entries: [
+ {
+ field: 'unique_value.test',
+ operator: 'included',
+ type: 'match_any',
+ value: ['bar'],
+ },
+ ],
+ });
+ visit(ruleDetailsUrl(rule.body.id));
+ });
+ });
+ goToExceptionsTab();
+
+ // can view exceptions
+ cy.get(NO_EXCEPTIONS_EXIST_PROMPT).should('not.exist');
+ cy.get(EXCEPTION_ITEM_VIEWER_CONTAINER).should('have.length', 1);
+
+ // can access edit/delete actions of item
+ cy.get(EXCEPTION_ITEM_ACTIONS_BUTTON).should('not.have.attr', 'disabled');
+
+ // does not display add exception button
+ cy.get(ADD_EXCEPTIONS_BTN_FROM_VIEWER_HEADER).should('exist');
+ });
+ });
+ });
+});
diff --git a/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_permissions.ts b/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_permissions.ts
index 061e8936bf241..fe4ac0f35910e 100644
--- a/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_permissions.ts
+++ b/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_permissions.ts
@@ -35,16 +35,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { }); // Run the same set of tests against all of the Security Solution roles - const ROLES: SecurityRoleName[] = [ - 't1_analyst', - 't2_analyst', - 'rule_author', - 'soc_manager', - 'detections_admin', - 'platform_engineer', - 'hunter', - 'hunter_no_actions', - ]; + const ROLES: SecurityRoleName[] = ['detections_admin', 'hunter', 'hunter_no_actions']; for (const role of ROLES) { describe(`when running with user/role [${role}]`, () => {
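Review bot: Every test in rule_details_flow_privileges.cy.ts calls `visit(ruleDetailsUrl(rule.body.id))` without the `{ role }` option that the two sibling specs in this commit pass (`visit(ALERTS_URL, { role })`, `visit(RULES_MANAGEMENT_URL, { role })`). If `visit` needs that option to load the page as the logged-in role (its implementation is outside this diff), the `CAN_ADD_EXCEPTION` cases could pass under a more privileged session and prove nothing about the role under test; `visit(ruleDetailsUrl(rule.body.id), { role });` would make the four tests consistent with the others. Two comments were also copied from the denied cases and now contradict the assertion below them: in the allowed empty-state test `// cannot add an exception from empty view` should read `// can add an exception from empty view`, and in the allowed non-empty test `// does not display add exception button` should read `// displays add exception button`.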
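Review bot: The comment kept as context above the list in endpoint_permissions.ts, `// Run the same set of tests against all of the Security Solution roles`, no longer matches the code, because the new `ROLES` array covers only `detections_admin`, `hunter` and `hunter_no_actions`. Five roles that this endpoint permission suite used to exercise (`t1_analyst`, `t2_analyst`, `rule_author`, `soc_manager`, `platform_engineer`) drop out with no pointer to where they are tested now. I would reword the comment to say which subset runs here and why, e.g. `// Only roles not covered by <other suite> are exercised here`, with the placeholder filled in by the author. The enclosing `export default` function starts before and continues after this hunk.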