diff --git a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts
index 84a2f71bb32ab..aa1951cae2816 100644
--- a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts
+++ b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts
@@ -118,6 +118,7 @@ export const getSecurityBaseKibanaFeature = ({
 'timeline_read',
 'notes_write',
 'notes_read',
+ 'bulkGetUserProfiles',
 ],
 savedObject: {
 all: ['alert', ...savedObjects],
@@ -159,6 +160,7 @@ export const getSecurityBaseKibanaFeature = ({
 'cloud-defend-read',
 'timeline_read',
 'notes_read',
+ 'bulkGetUserProfiles',
 ],
 savedObject: {
 all: [],
diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts
index 1037cd356699e..a7af378458123 100644
--- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts
+++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts
@@ -87,6 +87,7 @@ export const getSecurityV2BaseKibanaFeature = ({
 'cloud-security-posture-read',
 'cloud-defend-all',
 'cloud-defend-read',
+ 'bulkGetUserProfiles',
 ],
 savedObject: {
 all: ['alert', ...savedObjects],
@@ -104,7 +105,14 @@ export const getSecurityV2BaseKibanaFeature = ({
 read: {
 app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'],
 catalogue: [APP_ID],
- api: [APP_ID, 'lists-read', 'rac', 'cloud-security-posture-read', 'cloud-defend-read'],
+ api: [
+ APP_ID,
+ 'lists-read',
+ 'rac',
+ 'cloud-security-posture-read',
+ 'cloud-defend-read',
+ 'bulkGetUserProfiles',
+ ],
 savedObject: {
 all: [],
 read: [...savedObjects],
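Review bot: The `read` privilege in both the v1 and v2 feature definitions now carries `'bulkGetUserProfiles'`, so every read-only Security role can call the user-profile bulk lookup, and nothing in these hunks records why. I would add a short comment above each new entry, for example `// lets Security users resolve user profiles without holding a Cases privilege`, adjusted to the actual reason. The same bare string literal is added in four places (the `all` and `read` api arrays of v1 and of v2); if the codebase already exports a constant for this tag, using it would keep the four entries from drifting apart. Since the audience of the endpoint has widened, it is also worth confirming that it returns only the profile fields the UI needs. The enclosing functions start and end outside the hunks.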
diff --git a/x-pack/test/api_integration/apis/cases/bulk_get_user_profiles.ts b/x-pack/test/api_integration/apis/cases/bulk_get_user_profiles.ts
index 2d64da015d188..398f6c305d62b 100644
--- a/x-pack/test/api_integration/apis/cases/bulk_get_user_profiles.ts
+++ b/x-pack/test/api_integration/apis/cases/bulk_get_user_profiles.ts
@@ -21,9 +21,10 @@ import {
 casesReadUser,
 obsCasesAllUser,
 obsCasesReadUser,
- secAllCasesNoneUser,
 secAllUser,
 secReadCasesReadUser,
+ secAllCasesNoneUser,
+ secNoneUser,
 } from './common/users';
 
 export default ({ getService }: FtrProviderContext): void => {
@@ -67,6 +68,7 @@ export default ({ getService }: FtrProviderContext): void => {
 { user: secReadCasesReadUser },
 { user: casesReadUser },
 { user: obsCasesReadUser },
+ { user: secAllCasesNoneUser },
 ]) {
 it(`User ${
 user.username
@@ -82,7 +84,7 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 }
 
- for (const { user } of [{ user: secAllCasesNoneUser }]) {
+ for (const { user } of [{ user: secNoneUser }]) {
 it(`User ${
 user.username
 } with roles(s) ${user.roles.join()} cannot bulk get user profiles because they lack the bulkGetUserProfiles privilege`, async () => {
diff --git a/x-pack/test/api_integration/apis/cases/common/roles.ts b/x-pack/test/api_integration/apis/cases/common/roles.ts
index f27ce68f1ddf2..4797924b129d5 100644
--- a/x-pack/test/api_integration/apis/cases/common/roles.ts
+++ b/x-pack/test/api_integration/apis/cases/common/roles.ts
@@ -384,6 +384,30 @@ export const secReadCasesNone: Role = {
 },
 };
 
+export const secNone: Role = {
+ name: 'sec_none_role_api_int',
+ privileges: {
+ elasticsearch: {
+ indices: [
+ {
+ names: ['*'],
+ privileges: ['all'],
+ },
+ ],
+ },
+ kibana: [
+ {
+ feature: {
+ siem: [],
+ actions: ['all'],
+ actionsSimulators: ['all'],
+ },
+ spaces: ['*'],
+ },
+ ],
+ },
+};
+
 /**
 * Roles for Cases in the stack
 */
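Review bot: The allowed-users array in the hunk at -67 gains only `secAllCasesNoneUser`, so the new grant on the Security `read` privilege is never exercised for a user without Cases access; `secReadCasesReadUser` presumably already passed through its Cases privilege. Adding `{ user: secReadCasesNoneUser },` to the same array would cover the read tier, assuming that user (it is defined in `common/users.ts`) is imported in this file. The denial loop in the hunk at -82 is now down to the single `secNoneUser` case. Both loops and the test bodies continue outside the hunks.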
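Review bot: `secNone` in `common/roles.ts` reads as a role with no privileges, yet it holds `all` on every Elasticsearch index and `all` on `actions` and `actionsSimulators`; only the `siem` entry is empty. A doc comment above the export would stop the name being misread, e.g. `/** No Security (siem) feature privileges; used to assert that bulkGetUserProfiles is denied. */`. If the fixture exists only to show that a user without a relevant Kibana privilege is rejected, consider whether the `actions` and `actionsSimulators` grants are needed in it at all.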
diff --git a/x-pack/test/api_integration/apis/cases/common/users.ts b/x-pack/test/api_integration/apis/cases/common/users.ts
index b4f8d3d6c4f5e..47056b15a5a4b 100644
--- a/x-pack/test/api_integration/apis/cases/common/users.ts
+++ b/x-pack/test/api_integration/apis/cases/common/users.ts
@@ -36,6 +36,7 @@ import {
 secReadCasesAll,
 secReadCasesNone,
 secReadCasesRead,
+ secNone,
 casesV2NoReopenWithCreateComment,
 obsCasesV2NoReopenWithCreateComment,
 secCasesV2NoReopenWithCreateComment,
@@ -132,6 +133,12 @@ export const secReadUser: User = {
 roles: [secRead.name],
 };
 
+export const secNoneUser: User = {
+ username: 'sec_none_user_api_int',
+ password: 'password',
+ roles: [secNone.name],
+};
+
 export const secReadCasesNoneUser: User = {
 username: 'sec_read_cases_none_user_api_int',
 password: 'password',
@@ -297,6 +304,7 @@ export const users = [
 secReadCasesAllUser,
 secReadCasesReadUser,
 secReadUser,
+ secNoneUser,
 secReadCasesNoneUser,
 casesOnlyDeleteUser,
 casesOnlyReadDeleteUser,
diff --git a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts
index 4420a0560b4af..fff45cc31bdb5 100644
--- a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts
@@ -219,6 +219,7 @@ export default function ({ getService }: FtrProviderContext) {
 "api:cloud-security-posture-read",
 "api:cloud-defend-all",
 "api:cloud-defend-read",
+ "api:bulkGetUserProfiles",
 "api:securitySolution-entity-analytics",
 "api:securitySolution-threat-intelligence",
 "api:securitySolution-showEndpointExceptions",
@@ -838,12 +839,11 @@ export default function ({ getService }: FtrProviderContext) {
 "saved_object:search-session/delete",
 "saved_object:search-session/bulk_delete",
 "saved_object:search-session/share_to_space",
- "ui:discover/show",
- "ui:discover/save",
- "ui:discover/saveQuery",
- "ui:discover/createShortUrl",
- "ui:discover/storeSearchSession",
- "ui:discover/generateCsv",
+ "ui:discover_v2/show",
+ "ui:discover_v2/save",
+ "ui:discover_v2/createShortUrl",
+ "ui:discover_v2/storeSearchSession",
+ "ui:discover_v2/generateCsv",
 "api:bulkGetUserProfiles",
 "api:dashboardUsageStats",
 "api:downloadCsv",
@@ -1079,6 +1079,7 @@ export default function ({ getService }: FtrProviderContext) {
 "api:cloud-security-posture-read",
 "api:cloud-defend-all",
 "api:cloud-defend-read",
+ "api:bulkGetUserProfiles",
 "api:securitySolution-entity-analytics",
 "api:securitySolution-threat-intelligence",
 "app:securitySolution",
@@ -1694,12 +1695,11 @@ export default function ({ getService }: FtrProviderContext) {
 "saved_object:search-session/delete",
 "saved_object:search-session/bulk_delete",
 "saved_object:search-session/share_to_space",
- "ui:discover/show",
- "ui:discover/save",
- "ui:discover/saveQuery",
- "ui:discover/createShortUrl",
- "ui:discover/storeSearchSession",
- "ui:discover/generateCsv",
+ "ui:discover_v2/show",
+ "ui:discover_v2/save",
+ "ui:discover_v2/createShortUrl",
+ "ui:discover_v2/storeSearchSession",
+ "ui:discover_v2/generateCsv",
 "api:bulkGetUserProfiles",
 "api:dashboardUsageStats",
 "api:downloadCsv",
@@ -1797,6 +1797,7 @@ export default function ({ getService }: FtrProviderContext) {
 "api:rac",
 "api:cloud-security-posture-read",
 "api:cloud-defend-read",
+ "api:bulkGetUserProfiles",
 "api:securitySolution-entity-analytics",
 "api:securitySolution-threat-intelligence",
 "app:securitySolution",
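Review bot: The expected-privilege lists change in ways that have nothing to do with `bulkGetUserProfiles`: in the hunks at -838 and -1694 the `ui:discover/*` entries become `ui:discover_v2/*` and `ui:discover/saveQuery` disappears, and in the later hunks at -2070 and -2442 the five `saved_object:query/*` actions are dropped as well. Because this file pins the exact actions each Security privilege expands to, a removal here should be traceable to a deliberate feature change rather than to a regenerated expectation. I would either move these edits to the commit that changes the Discover feature, or state in the description which change they follow from. The assertion that consumes these lists is outside the hunks.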
@@ -2070,13 +2071,8 @@ export default function ({ getService }: FtrProviderContext) {
 "saved_object:search/find",
 "saved_object:search/open_point_in_time",
 "saved_object:search/close_point_in_time",
- "saved_object:query/bulk_get",
- "saved_object:query/get",
- "saved_object:query/find",
- "saved_object:query/open_point_in_time",
- "saved_object:query/close_point_in_time",
- "ui:discover/show",
- "ui:discover/createShortUrl",
+ "ui:discover_v2/show",
+ "ui:discover_v2/createShortUrl",
 "api:bulkGetUserProfiles",
 "api:dashboardUsageStats",
 "app:dashboards",
@@ -2167,6 +2163,7 @@ export default function ({ getService }: FtrProviderContext) {
 "api:rac",
 "api:cloud-security-posture-read",
 "api:cloud-defend-read",
+ "api:bulkGetUserProfiles",
 "api:securitySolution-entity-analytics",
 "api:securitySolution-threat-intelligence",
 "api:securitySolution-showEndpointExceptions",
@@ -2442,13 +2439,8 @@ export default function ({ getService }: FtrProviderContext) {
 "saved_object:search/find",
 "saved_object:search/open_point_in_time",
 "saved_object:search/close_point_in_time",
- "saved_object:query/bulk_get",
- "saved_object:query/get",
- "saved_object:query/find",
- "saved_object:query/open_point_in_time",
- "saved_object:query/close_point_in_time",
- "ui:discover/show",
- "ui:discover/createShortUrl",
+ "ui:discover_v2/show",
+ "ui:discover_v2/createShortUrl",
 "api:bulkGetUserProfiles",
 "api:dashboardUsageStats",
 "app:dashboards",