From 98dffd425f2559c47f248273034e560bdc04e79b Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 18 Mar 2025 19:39:12 -0400 Subject: [PATCH] First draft --- explore-analyze/alerts-cases/cases/setup-cases.md | 2 +- .../incident-management/configure-access-to-cases.md | 2 +- solutions/security/investigate/cases-requirements.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/explore-analyze/alerts-cases/cases/setup-cases.md b/explore-analyze/alerts-cases/cases/setup-cases.md index 3fb11da9cd..ade05ccb70 100644 --- a/explore-analyze/alerts-cases/cases/setup-cases.md +++ b/explore-analyze/alerts-cases/cases/setup-cases.md @@ -20,7 +20,7 @@ To access cases in **{{stack-manage-app}}**, you must have the appropriate {{kib ::::{note} The **{{connectors-feature}}** feature privilege is required to create, add, delete, and modify case connectors and to send updates to external systems. -By default, `All` for the **Cases** feature includes authority to delete cases and comments, edit case settings, add case comments and attachments, and re-open cases unless you customize the sub-feature privileges. +By default, `All` for the **Cases** feature allows you to have full control over cases, including deleting them, editing case settings, and more. You can customize the sub-feature privileges to limit feature access. :::: diff --git a/solutions/observability/incident-management/configure-access-to-cases.md b/solutions/observability/incident-management/configure-access-to-cases.md index dcfa328096..5c4b2276ce 100644 --- a/solutions/observability/incident-management/configure-access-to-cases.md +++ b/solutions/observability/incident-management/configure-access-to-cases.md 
@@ -30,7 +30,7 @@ Below are the minimum required privileges for some common use cases. ::::{note} Roles without `All` **{{connectors-feature}}** feature privileges cannot create, add, delete, or modify case connectors. - By default, `All` for the **Cases** feature includes authority to delete cases, delete alerts and comments from cases, edit case settings, add case comments and attachments, and re-open cases unless you customize the sub-feature privileges. + By default, `All` for the **Cases** feature allows you to have full control over cases, including deleting them, editing case settings, and more. You can customize the sub-feature privileges to limit feature access. :::: diff --git a/solutions/security/investigate/cases-requirements.md b/solutions/security/investigate/cases-requirements.md index 0bc95b0533..44d9f12e76 100644 --- a/solutions/security/investigate/cases-requirements.md +++ b/solutions/security/investigate/cases-requirements.md @@ -25,7 +25,7 @@ To grant access to cases in a custom role, set the privileges for the **Cases** | Action | {{kib}} Privileges | | --- | --- | -| Give full access to manage cases and settings | - **All** for the **Cases** feature under **Security**
- **All** for the **{{connectors-feature}}** feature under **Management**

**Note:** Roles without **All** privileges for the **{{connectors-feature}}** feature cannot create, add, delete, or modify case connectors. By default, **All** for the **Cases** feature allows you to delete cases, delete alerts and comments from cases, and edit case settings. You can customize the sub-feature privileges to limit feature access.



| +| Give full access to manage cases and settings | - **All** for the **Cases** feature under **Security**
- **All** for the **{{connectors-feature}}** feature under **Management**

**Note:** Roles without **All** privileges for the **{{connectors-feature}}** feature cannot create, add, delete, or modify case connectors.

By default, **All** for the **Cases** feature allows you to have full control over cases, including deleting them, editing case settings, and more.



| | Give assignee access to cases | **All** for the **Cases** feature under **Security**

**Note:** Before a user can be assigned to a case, they must log into {{kib}} at least once, which creates a user profile.

| | Give view-only access for cases | **Read** for the **Security** feature and **All** for the **Cases** feature

**Note:** You can customize the sub-feature privileges to allow access to deleting cases, deleting alerts and comments from cases, viewing or editing case settings, adding case comments and attachments, and re-opening cases.

| | Revoke all access to cases | **None** for the **Cases** feature under **Security** |
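Review bot: In the `explore-analyze/alerts-cases/cases/setup-cases.md` hunk, the added line closes its list with "and more", which loses two capabilities the removed line named: adding case comments and attachments, and re-opening cases. Someone deciding whether to grant `All` for **Cases** can no longer tell from this note which actions the role receives. Suggest keeping the explicit list, or naming the sub-feature privileges that the next sentence says can be customized, so the note still supports a least-privilege decision.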
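Review bot: In the `solutions/observability/incident-management/configure-access-to-cases.md` hunk, "including deleting them" on the added line refers only to deleting cases, while the removed line also listed "delete alerts and comments from cases". That is a separate destructive action, and the new wording no longer tells the reader that `All` grants it. Suggest restoring it in the added sentence, for example "including deleting cases, deleting alerts and comments from cases, and editing case settings".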
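Review bot: In the `solutions/security/investigate/cases-requirements.md` hunk, the added "Give full access to manage cases and settings" row ends its note at "and more." and drops the sentence "You can customize the sub-feature privileges to limit feature access.", which the removed row had and which the other two files in this patch keep. Suggest adding that sentence back to the row so the three pages stay consistent. The unchanged view-only row further down still enumerates the sub-feature actions (deleting cases, deleting alerts and comments from cases, viewing or editing case settings, adding comments and attachments, re-opening cases), so after this change the full-access row is less specific than the view-only row about what is being granted.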