Configure access to cases

To access and send cases to external systems, you need the appropriate license, and your role must have the Cases Kibana privilege as a user for the Observability feature.

Here are the minimum required privileges:

Action and required Kibana privileges:

Give full access to manage cases and settings

  • All for the Cases feature under Observability.
  • All for the Actions and Connectors feature under Management.

Roles without All Actions and Connectors feature privileges cannot create, add, delete, or modify case connectors.

By default, All for the Cases feature includes authority to delete cases, delete alerts and comments from cases, and edit case settings unless you customize the sub-feature privileges.

Give assignee access to cases

All for the Cases feature under Observability.

Before a user can be assigned to a case, they must log into Kibana at least once, which creates a user profile.

Give view-only access for cases

Read for the Cases feature under Observability.

By default, Read for the Cases feature does not include authority to delete cases or delete alerts and comments from cases. You also cannot view or edit case settings. You can enable these actions by customizing the sub-feature privileges.

Give access to add alerts to cases

  • All for the Cases feature under Observability.
  • Read for an Observability feature that has alerts.

Revoke all access to cases

None for the Cases feature under Observability.

If you are using an on-premises Kibana deployment and want your email notifications and external incident management systems to contain links back to Kibana, configure the server.publicBaseUrl setting.

For more details, refer to feature access based on user privileges.
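The following is an added example, not part of the Elastic documentation: a Python audit that maps role definitions onto the privilege table above and flags roles whose All privilege carries delete and settings authority by default. The role JSON shape, the feature IDs `observabilityCases` and `actions`, the `minimal_all` marker for customized sub-feature privileges, and the sample roles are assumptions; confirm the IDs against your Kibana version.

```python
# Added example: classify Kibana roles against the cases privilege table.
# Assumed: Kibana role API JSON shape and these feature IDs (verify per version).
CASES = "observabilityCases"   # assumed ID: Observability > Cases
CONNECTORS = "actions"         # assumed ID: Management > Actions and Connectors
RANK = {"none": 0, "read": 1, "custom": 2, "all": 3}

def feature_level(role, feature):
    """Highest level a role holds for a feature across its space entries."""
    best = "none"
    for entry in role.get("kibana", []):
        explicit = entry.get("feature", {}).get(feature, [])
        granted = set(entry.get("base", [])) | set(explicit)
        if "all" in granted:            # a base privilege also covers the feature
            level = "all"
        elif explicit and "read" not in explicit:
            level = "custom"            # e.g. minimal_all plus chosen sub-features
        else:
            level = "read" if "read" in granted else "none"
        best = max(best, level, key=RANK.get)
    return best

def audit_role(role):
    """Map a role to a row of the table and note what that row implies."""
    cases, connectors = feature_level(role, CASES), feature_level(role, CONNECTORS)
    findings = []
    if cases == "all":
        access = "full" if connectors == "all" else "cases-all"
        findings.append("can delete cases, alerts and comments; can edit case settings")
        if connectors != "all":
            findings.append("cannot create, add, delete, or modify case connectors")
    elif cases == "custom":
        access = "custom"
        findings.append("customized sub-feature privileges: review by hand")
    else:
        access = "view-only" if cases == "read" else "none"
    return {"role": role.get("name"), "access": access, "findings": findings}

def _role(name, base=(), **feature):  # helper for the constructed samples below
    return {"name": name, "kibana": [{"base": list(base), "feature": feature, "spaces": ["default"]}]}
SAMPLE_ROLES = [  # constructed sample roles, not real data
    _role("obs-case-admin", **{CASES: ["all"], CONNECTORS: ["all"]}),
    _role("obs-analyst", **{CASES: ["all"]}),
    _role("obs-viewer", **{CASES: ["read"]}),
    _role("obs-triage", **{CASES: ["minimal_all"]}),
    _role("space-admin", base=["all"]),
]
if __name__ == "__main__":
    for r in SAMPLE_ROLES:
        print(audit_role(r))
```

The `space-admin` sample shows why base privileges need checking too: a role with base All on a space is reported as full case access even though it never names the Cases feature.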
