From 34386c0415e4f7044799b151973cf4ec44c091a6 Mon Sep 17 00:00:00 2001
From: Krishna Chaitanya Reddy Burri <krishnachaitanyareddy.burri@elastic.co>
Date: Wed, 19 Nov 2025 14:09:38 +0530
Subject: [PATCH] Add prisma_cloud data streams to kibana_system role
 permissions (#138218)

Adding logs-prisma_cloud.misconfiguration-* and logs-prisma_cloud.vulnerability-* data stream indices to the kibana_system privileges. This is required for the latest transform to work.

(cherry picked from commit 39d2bb8a52cab625884a422685efeabc107cbe22)
---
 .../authz/store/KibanaOwnedReservedRoleDescriptors.java         | 2 ++
 .../core/security/authz/store/ReservedRolesStoreTests.java      | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
index 84a6e7d955613..440f090cd7e90 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
@@ -491,6 +491,8 @@ static RoleDescriptor kibanaSystem(String name) {
                         "logs-m365_defender.vulnerability-*",
                         "logs-microsoft_defender_endpoint.vulnerability-*",
                         "logs-microsoft_defender_cloud.assessment-*",
+                        "logs-prisma_cloud.misconfiguration-*",
+                        "logs-prisma_cloud.vulnerability-*",
                         "logs-sentinel_one.application_risk-*"
                     )
                     .privileges(
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
index 90fbd3812a848..0ff83bcb49ca2 100644
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
@@ -1701,6 +1701,8 @@ public void testKibanaSystemRole() {
             "logs-m365_defender.vulnerability-" + randomAlphaOfLength(randomIntBetween(0, 13)),
             "logs-microsoft_defender_endpoint.vulnerability-" + randomAlphaOfLength(randomIntBetween(0, 13)),
             "logs-microsoft_defender_cloud.assessment-" + randomAlphaOfLength(randomIntBetween(0, 13)),
+            "logs-prisma_cloud.misconfiguration-" + randomAlphaOfLength(randomIntBetween(0, 13)),
+            "logs-prisma_cloud.vulnerability-" + randomAlphaOfLength(randomIntBetween(0, 13)),
             "logs-sentinel_one.application_risk-" + randomAlphaOfLength(randomIntBetween(0, 13))
         ).forEach(indexName -> {
             final IndexAbstraction indexAbstraction = mockIndexAbstraction(indexName);