› ›

Configure access to cases

To access and send cases to external systems, you need the appropriate license, and your role must have the Cases Kibana privilege as a user for the Observability feature.

Here are the minimum required privileges:

Action	Kibana Privileges
Give full access to manage cases and settings	`All` for the Cases feature under Observability. `All` for the Actions and Connectors feature under Management. Roles without `All` Actions and Connectors feature privileges cannot create, add, delete, or modify case connectors. By default, `All` for the Cases feature includes authority to delete cases, delete alerts and comments from cases, and edit case settings unless you customize the sub-feature privileges.
Give assignee access to cases	`All` for the Cases feature under Observability. Before a user can be assigned to a case, they must log into Kibana at least once, which creates a user profile.
Give view-only access for cases	`Read` for the Cases feature under Observability. By default, `Read` for the Cases feature does not include authority to delete cases or delete alerts and comments from cases. You also cannot view or edit case settings. You can enable these actions by customizing the sub-feature privileges.
Give access to add alerts to cases	`All` for the Cases feature under Observability. `Read` for an Observability feature that has alerts.
Revoke all access to cases	`None` for the Cases feature under Observability.

If you are using an on-premises Kibana deployment and want your email notifications and external incident management systems to contain links back to Kibana, configure the server.publicBaseUrl setting.

For more details, refer to feature access based on user privileges.

« Cases Open and manage new cases »