diff --git a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts index 84a2f71bb32ab..aa1951cae2816 100644 --- a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts @@ -118,6 +118,7 @@ export const getSecurityBaseKibanaFeature = ({ 'timeline_read', 'notes_write', 'notes_read', + 'bulkGetUserProfiles', ], savedObject: { all: ['alert', ...savedObjects], @@ -159,6 +160,7 @@ export const getSecurityBaseKibanaFeature = ({ 'cloud-defend-read', 'timeline_read', 'notes_read', + 'bulkGetUserProfiles', ], savedObject: { all: [], diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts index 1037cd356699e..a7af378458123 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts @@ -87,6 +87,7 @@ export const getSecurityV2BaseKibanaFeature = ({ 'cloud-security-posture-read', 'cloud-defend-all', 'cloud-defend-read', + 'bulkGetUserProfiles', ], savedObject: { all: ['alert', ...savedObjects], @@ -104,7 +105,14 @@ export const getSecurityV2BaseKibanaFeature = ({ read: { app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [APP_ID, 'lists-read', 'rac', 'cloud-security-posture-read', 'cloud-defend-read'], + api: [ + APP_ID, + 'lists-read', + 'rac', + 'cloud-security-posture-read', + 'cloud-defend-read', + 'bulkGetUserProfiles', + ], savedObject: { all: [], read: [...savedObjects], diff --git a/x-pack/test/api_integration/apis/cases/bulk_get_user_profiles.ts b/x-pack/test/api_integration/apis/cases/bulk_get_user_profiles.ts index 2d64da015d188..398f6c305d62b 100644 --- a/x-pack/test/api_integration/apis/cases/bulk_get_user_profiles.ts +++ b/x-pack/test/api_integration/apis/cases/bulk_get_user_profiles.ts @@ -21,9 +21,10 @@ import { casesReadUser, obsCasesAllUser, obsCasesReadUser, - secAllCasesNoneUser, secAllUser, secReadCasesReadUser, + secAllCasesNoneUser, + secNoneUser, } from './common/users'; export default ({ getService }: FtrProviderContext): void => { @@ -67,6 +68,7 @@ export default ({ getService }: FtrProviderContext): void => { { user: secReadCasesReadUser }, { user: casesReadUser }, { user: obsCasesReadUser }, + { user: secAllCasesNoneUser }, ]) { it(`User ${ user.username @@ -82,7 +84,7 @@ export default ({ getService }: FtrProviderContext): void => { }); } - for (const { user } of [{ user: secAllCasesNoneUser }]) { + for (const { user } of [{ user: secNoneUser }]) { it(`User ${ user.username } with roles(s) ${user.roles.join()} cannot bulk get user profiles because they lack the bulkGetUserProfiles privilege`, async () => { diff --git a/x-pack/test/api_integration/apis/cases/common/roles.ts b/x-pack/test/api_integration/apis/cases/common/roles.ts index f27ce68f1ddf2..4797924b129d5 100644 --- a/x-pack/test/api_integration/apis/cases/common/roles.ts +++ b/x-pack/test/api_integration/apis/cases/common/roles.ts @@ -384,6 +384,30 @@ export const secReadCasesNone: Role = { }, }; +export const secNone: Role = { + name: 'sec_none_role_api_int', + privileges: { + elasticsearch: { + indices: [ + { + names: ['*'], + privileges: ['all'], + }, + ], + }, + kibana: [ + { + feature: { + siem: [], + actions: ['all'], + actionsSimulators: ['all'], + }, + spaces: ['*'], + }, + ], + }, +}; + /** * Roles for Cases in the stack */ diff --git a/x-pack/test/api_integration/apis/cases/common/users.ts b/x-pack/test/api_integration/apis/cases/common/users.ts index b4f8d3d6c4f5e..47056b15a5a4b 100644 --- a/x-pack/test/api_integration/apis/cases/common/users.ts +++ b/x-pack/test/api_integration/apis/cases/common/users.ts @@ -36,6 +36,7 @@ import { secReadCasesAll, secReadCasesNone, secReadCasesRead, + secNone, casesV2NoReopenWithCreateComment, obsCasesV2NoReopenWithCreateComment, secCasesV2NoReopenWithCreateComment, @@ -132,6 +133,12 @@ export const secReadUser: User = { roles: [secRead.name], }; +export const secNoneUser: User = { + username: 'sec_none_user_api_int', + password: 'password', + roles: [secNone.name], +}; + export const secReadCasesNoneUser: User = { username: 'sec_read_cases_none_user_api_int', password: 'password', @@ -297,6 +304,7 @@ export const users = [ secReadCasesAllUser, secReadCasesReadUser, secReadUser, + secNoneUser, secReadCasesNoneUser, casesOnlyDeleteUser, casesOnlyReadDeleteUser, diff --git a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts index 1f0af1c372407..034f84b262219 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts @@ -229,6 +229,7 @@ export default function ({ getService }: FtrProviderContext) { "api:cloud-security-posture-read", "api:cloud-defend-all", "api:cloud-defend-read", + "api:bulkGetUserProfiles", "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "api:securitySolution-showEndpointExceptions", @@ -839,7 +840,6 @@ export default function ({ getService }: FtrProviderContext) { "ui:discover_v2/createShortUrl", "ui:discover_v2/storeSearchSession", "ui:discover_v2/generateCsv", - "api:bulkGetUserProfiles", "api:dashboardUsageStats", "api:downloadCsv", "app:dashboards", @@ -1071,6 +1071,7 @@ export default function ({ getService }: FtrProviderContext) { "api:cloud-security-posture-read", "api:cloud-defend-all", "api:cloud-defend-read", + "api:bulkGetUserProfiles", "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "app:securitySolution", @@ -1677,7 +1678,6 @@ export default function ({ getService }: FtrProviderContext) { "ui:discover_v2/createShortUrl", "ui:discover_v2/storeSearchSession", "ui:discover_v2/generateCsv", - "api:bulkGetUserProfiles", "api:dashboardUsageStats", "api:downloadCsv", "app:dashboards", @@ -1771,6 +1771,7 @@ export default function ({ getService }: FtrProviderContext) { "api:rac", "api:cloud-security-posture-read", "api:cloud-defend-read", + "api:bulkGetUserProfiles", "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "app:securitySolution", @@ -2045,7 +2046,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:search/close_point_in_time", "ui:discover_v2/show", "ui:discover_v2/createShortUrl", - "api:bulkGetUserProfiles", "api:dashboardUsageStats", "app:dashboards", "ui:catalogue/dashboard", @@ -2135,6 +2135,7 @@ export default function ({ getService }: FtrProviderContext) { "api:rac", "api:cloud-security-posture-read", "api:cloud-defend-read", + "api:bulkGetUserProfiles", "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "api:securitySolution-showEndpointExceptions", @@ -2411,7 +2412,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:search/close_point_in_time", "ui:discover_v2/show", "ui:discover_v2/createShortUrl", - "api:bulkGetUserProfiles", "api:dashboardUsageStats", "app:dashboards", "ui:catalogue/dashboard",