Configure access to cases

edit

To access and send cases to external systems, you need the appropriate license, and your role must have the Cases Kibana privilege as a user for the Observability feature.

Here are the minimum required privileges:

Action Kibana Privileges

Give full access to manage cases and settings

  • All for the Cases feature under Observability.
  • All for the Actions and Connectors feature under Management.

Roles without All Actions and Connectors feature privileges cannot create, add, delete, or modify case connectors.

By default, All for the Cases feature includes authority to delete cases, delete alerts and comments from cases, edit case settings, add case comments and attachments, and re-open cases unless you customize the sub-feature privileges.

Give assignee access to cases

All for the Cases feature under Observability.

Before a user can be assigned to a case, they must log into Kibana at least once, which creates a user profile.

Give view-only access for cases

Read for the Cases feature under Observability.

You can customize sub-feature privileges for deleting cases, deleting alerts and comments from cases, editing case settings, adding case comments and attachements, and re-opening cases.

Give access to add alerts to cases

  • All for the Cases feature under Observability.
  • Read for an Observability feature that has alerts.

Revoke all access to cases

None for the Cases feature under Observability.

If you are using an on-premises Kibana deployment and want your email notifications and external incident management systems to contain links back to Kibana, configure the server.publicBaseUrl setting.

For more details, refer to feature access based on user privileges.

cases privileges