Cases prerequisitesedit

You can create roles and define feature privileges at different levels to manage feature access in Kibana. Kibana privileges grant access to features within a specified Kibana space, and you can grant full or partial access. For more information, see Feature access based on user privileges.

To send cases to external systems, you need the appropriate license.

If you are using an on-premises Kibana deployment and want the email notifications and the external incident management systems to contain links back to Kibana, you must configure the server.publicBaseUrl setting.

Certain subscriptions and privileges might be required to manage case attachments. For example, to add alerts to cases, you must have privileges for managing alerts.

To grant access to cases, set the Kibana space privileges for the Cases and Actions and Connectors features as follows:

Action Kibana Privileges

Give full access to manage cases and settings

  • All for the Cases feature under Security
  • All for the Actions and Connectors feature under Management

Roles without All Actions and Connectors feature privileges cannot create, add, delete, or modify case connectors.

Give assignee access to cases

  • All for the Cases feature under Security

Before a user can be assigned to a case, they must log into Kibana at least once, which creates a user profile.

Give view-only access for cases

Read for the Security feature and All for the Cases feature

Give access to view and delete cases

Read for the Cases feature under Security with the Delete sub-feature selected

These privileges also enable you to delete comments and alerts from a case.

Revoke all access to cases

None for the Cases feature under Security

Shows privileges needed for cases