From 9c7959d7f1ba5b40d860ac0ca8ae9060af8a87d8 Mon Sep 17 00:00:00 2001
From: Janvi Solanki <123942854+janvi-elastic@users.noreply.github.com>
Date: Tue, 23 Sep 2025 15:20:48 +0530
Subject: [PATCH] [Island Browser] - Fix Cannot execute ILM policy delete step (#134636)

This PR focuses on the short term solution which add the logs-island_browser.user-* and logs-island_browser.device-* indices under the kibana_system role with deletion privileges to prevent a failed deletion error when the index enters the deletion phase for the ILM lifecycle, in upcoming PR. As it ships transform pipeline too hence read, write permissions are also required.

(cherry picked from commit ae63901a38f0c364782b0901b7e0f22eb020b4b3)
---
 docs/changelog/134636.yaml | 6 ++++++
 .../store/KibanaOwnedReservedRoleDescriptors.java | 12 +++++++++---
 .../authz/store/ReservedRolesStoreTests.java | 7 +++++--
 3 files changed, 20 insertions(+), 5 deletions(-)
 create mode 100644 docs/changelog/134636.yaml

diff --git a/docs/changelog/134636.yaml b/docs/changelog/134636.yaml
new file mode 100644
index 0000000000000..fac059b120b4f
--- /dev/null
+++ b/docs/changelog/134636.yaml
@@ -0,0 +1,6 @@
+pr: 134636
+summary: "[Island Browser] Add `manage`, `create_index`, `read`, `index`, `write`, `delete`, permission for third party agent indices `kibana_system`"
+area: Authorization
+type: enhancement
+issues:
+ - 134136
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
index 2f3469b64b9c2..4e5f715a7ed5f 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
@@ -535,11 +535,17 @@ static RoleDescriptor kibanaSystem(String name) {
 TransportDeleteIndexAction.TYPE.name()
 )
 .build(),
- // For ExtraHop, QualysGAV, and SentinelOne Application Dataset specific actions. Kibana reads, writes and manages this
- // index
+ // For ExtraHop, QualysGAV, SentinelOne Application Dataset and Island Browser specific actions.
+ // Kibana reads, writes and manages this index
 // for configured ILM policies.
 RoleDescriptor.IndicesPrivileges.builder()
- .indices("logs-extrahop.investigation-*", "logs-qualys_gav.asset-*", "logs-sentinel_one.application-*")
+ .indices(
+ "logs-extrahop.investigation-*",
+ "logs-qualys_gav.asset-*",
+ "logs-sentinel_one.application-*",
+ "logs-island_browser.user-*",
+ "logs-island_browser.device-*"
+ )
 .privileges(
 "manage",
 "create_index",
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
index b4d98e90b764b..5f220ad80f526 100644
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
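Review bot: The comment above the `.indices(...)` list in the `kibanaSystem` hunk of KibanaOwnedReservedRoleDescriptors.java still says only that Kibana manages "this index for configured ILM policies", while the commit message carries two facts the code does not record: the Island Browser grant is a short-term fix, and read/write is needed because the integration ships a transform. Since this widens the reserved `kibana_system` role with `manage` and `create_index` (and, per the changelog entry, `read`, `index`, `write`, `delete`) on two more wildcard patterns, I would state the reason next to the new patterns, e.g. `// Island Browser: short-term grant so the ILM delete step succeeds; read/write is for the integration's transform (see #134636).` The privilege list and the rest of the builder continue outside the hunk, so the full set granted cannot be confirmed from here.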
@@ -1914,12 +1914,15 @@ public void testKibanaSystemRole() {
 assertThat(kibanaRole.indices().allowedIndicesMatcher(RolloverAction.NAME).test(indexAbstraction), is(true));
 });
- // Tests for third-party agent indices (ExtraHop, QualysGAV, SentinelOne) that `kibana_system` has full management access to
+ // Tests for third-party agent indices (ExtraHop, QualysGAV, SentinelOne, Island Browser) that `kibana_system`
+ // has full management access to
 // This includes read, write, create, delete, and all ILM-related management actions.
 Arrays.asList(
 "logs-extrahop.investigation-" + randomAlphaOfLength(randomIntBetween(1, 10)),
 "logs-qualys_gav.asset-" + randomAlphaOfLength(randomIntBetween(1, 10)),
- "logs-sentinel_one.application-" + randomAlphaOfLength(randomIntBetween(1, 10))
+ "logs-sentinel_one.application-" + randomAlphaOfLength(randomIntBetween(1, 10)),
+ "logs-island_browser.user-" + randomAlphaOfLength(randomIntBetween(1, 10)),
+ "logs-island_browser.device-" + randomAlphaOfLength(randomIntBetween(1, 10))
 ).forEach((index_qualys_extra_hop) -> {
 final IndexAbstraction indexAbstraction = mockIndexAbstraction(index_qualys_extra_hop);
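Review bot: The lambda parameter `index_qualys_extra_hop` in `testKibanaSystemRole` no longer describes what it iterates over, since the list now also covers SentinelOne and Island Browser, and it is not lowerCamelCase; `).forEach((thirdPartyIndex) -> {` would read better. The lambda body continues outside the hunk, so the rename has to be applied to every use there. Because this block verifies a privilege grant on a reserved role, it would also be worth confirming (not visible from here) that a near-miss name, such as a different `logs-island_browser.*` dataset, is asserted as not matched, so the test pins the boundary of the grant and not only its presence.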