Configure access to cases

Configure access to casesedit

To access cases in Stack Management, you must have the appropriate Kibana privileges:

Action Kibana privileges

Give full access to manage cases and settings

  • All for the Cases feature under Management.
  • All for the Actions and Connectors feature under Management.

The Actions and Connectors feature privilege is required to create, add, delete, and modify case connectors and to send updates to external systems.

By default, All for the Cases feature includes authority to delete cases and comments and edit case settings unless you customize the sub-feature privileges.

Give assignee access to cases

All for the Cases feature under Management.

Before a user can be assigned to a case, they must log into Kibana at least once, which creates a user profile.

This privilege is also required to add case actions to rules.

Give view-only access to cases

Read for the Cases feature under Management.

By default, Read for the Cases feature does not include authority to delete cases and comments or edit case settings. You can grant this authority by customizing the sub-feature privileges.

Revoke all access to cases

None for the Cases feature under Management.

For more details, refer to Kibana privileges.

If you are using an on-premises Kibana deployment and you want the email notifications and the external incident management systems to contain links back to Kibana, you must configure the server.publicBaseUrl setting.