diff --git a/docs/getting-started/defend-feature-privs.asciidoc b/docs/getting-started/defend-feature-privs.asciidoc index 9abfed2f32..35b341f3d3 100644 --- a/docs/getting-started/defend-feature-privs.asciidoc +++ b/docs/getting-started/defend-feature-privs.asciidoc @@ -12,7 +12,11 @@ To configure roles and privileges, find **Roles** in the navigation menu or by u NOTE: {elastic-defend}'s feature privileges must be assigned to *All Spaces*. You can't assign them to an individual space. -To grant access, select *All* for the *Security* feature in the *{kib} privileges* configuration UI, then turn on the *Customize sub-feature privileges* switch. For each of the following sub-feature privileges, select the type of access you want to allow: +To grant access, select *All* for the *Security* feature in the *Assign role to space* configuration UI, then turn on the *Customize sub-feature privileges* switch. + +IMPORTANT: Selecting **All** for the overall **Security** feature does NOT enable any sub-features. You must also enable the **Customize sub-feature privileges** switch, and then enable each sub-feature privilege individually. + +For each of the following sub-feature privileges, select the type of access you want to allow: * *All*: Users have full access to the feature, which includes performing all available actions and managing configuration. * *Read*: Users can view the feature, but can't perform any actions or manage configuration (some features don't have this privilege). diff --git a/docs/serverless/edr-install-config/defend-feature-privs.asciidoc b/docs/serverless/edr-install-config/defend-feature-privs.asciidoc index f318ac460b..353ca6997f 100644 --- a/docs/serverless/edr-install-config/defend-feature-privs.asciidoc +++ b/docs/serverless/edr-install-config/defend-feature-privs.asciidoc @@ -8,14 +8,18 @@ preview:[] You can create user roles and define privileges to manage feature access in {elastic-sec}. This allows you to use the principle of least privilege while managing access to {elastic-defend}'s features. -Configure roles and privileges in **Stack Management** → **Custom Roles**. For more details on using this UI, refer to <>. +To configure roles and privileges, find **Roles** in the navigation menu or by using the global search field. For more details on using this UI, refer to <>. [NOTE] ==== {elastic-defend}'s feature privileges must be assigned to **All Spaces**. You can't assign them to an individual space. ==== -To grant access, select **All** for the **Security** feature in the **{kib} privileges** configuration UI, then turn on the **Customize sub-feature privileges** switch. For each of the following sub-feature privileges, select the type of access you want to allow: +To grant access, select **All** for the **Security** feature in the **Assign role to space** configuration UI, then turn on the **Customize sub-feature privileges** switch. + +IMPORTANT: Selecting **All** for the overall **Security** feature does NOT enable any sub-features. You must also enable the **Customize sub-feature privileges** switch, and then enable each sub-feature privilege individually. + +For each of the following sub-feature privileges, select the type of access you want to allow: * **All**: Users have full access to the feature, which includes performing all available actions and managing configuration. * **Read**: Users can view the feature, but can't perform any actions or manage configuration (some features don't have this privilege).