From 863f7b3a5dd3df53adc720d3a21dc395b2dee8e2 Mon Sep 17 00:00:00 2001
From: Janki Salvi <jankigaurav.salvi@elastic.co>
Date: Fri, 20 Sep 2024 14:30:02 +0100
Subject: [PATCH] added internal access for cases, connectors, actions, rule
 registry

---
 .../server/routes/connector/get_all_system/get_all_system.ts   | 3 +++
 .../routes/connector/list_types_system/list_types_system.ts    | 3 +++
 .../plugins/actions/server/routes/get_global_execution_kpi.ts  | 3 +++
 .../plugins/actions/server/routes/get_global_execution_logs.ts | 3 +++
 x-pack/plugins/actions/server/routes/get_oauth_access_token.ts | 3 +++
 .../cases/server/routes/api/cases/categories/get_categories.ts | 3 +++
 x-pack/plugins/cases/server/routes/api/cases/get_case.ts       | 3 +++
 .../server/routes/api/internal/bulk_create_attachments.ts      | 3 +++
 .../server/routes/api/internal/bulk_delete_file_attachments.ts | 3 +++
 .../cases/server/routes/api/internal/bulk_get_attachments.ts   | 3 +++
 .../plugins/cases/server/routes/api/internal/bulk_get_cases.ts | 3 +++
 .../cases/server/routes/api/internal/get_case_metrics.ts       | 3 +++
 .../server/routes/api/internal/get_case_user_actions_stats.ts  | 3 +++
 .../plugins/cases/server/routes/api/internal/get_case_users.ts | 3 +++
 .../cases/server/routes/api/internal/get_cases_metrics.ts      | 3 +++
 .../plugins/cases/server/routes/api/internal/get_connectors.ts | 3 +++
 .../cases/server/routes/api/internal/replace_custom_field.ts   | 3 +++
 .../cases/server/routes/api/internal/suggest_user_profiles.ts  | 1 +
 .../plugins/rule_registry/server/routes/bulk_update_alerts.ts  | 1 +
 x-pack/plugins/rule_registry/server/routes/find.ts             | 1 +
 .../rule_registry/server/routes/get_aad_fields_by_rule_type.ts | 1 +
 x-pack/plugins/rule_registry/server/routes/get_alert_by_id.ts  | 1 +
 x-pack/plugins/rule_registry/server/routes/get_alert_index.ts  | 1 +
 .../plugins/rule_registry/server/routes/get_alert_summary.ts   | 1 +
 .../server/routes/get_alerts_group_aggregations.ts             | 1 +
 .../server/routes/get_browser_fields_by_feature_id.ts          | 1 +
 .../server/routes/get_feature_ids_by_registration_contexts.ts  | 1 +
 .../plugins/rule_registry/server/routes/update_alert_by_id.ts  | 1 +
 .../server/routes/get_well_known_email_service.ts              | 3 +++
 .../stack_connectors/server/routes/valid_slack_api_channels.ts | 3 +++
 .../plugins/triggers_actions_ui/server/data/routes/fields.ts   | 3 +++
 .../plugins/triggers_actions_ui/server/data/routes/indices.ts  | 3 +++
 .../server/data/routes/time_series_query.ts                    | 3 +++
 x-pack/plugins/triggers_actions_ui/server/routes/config.ts     | 3 +++
 x-pack/plugins/triggers_actions_ui/server/routes/health.ts     | 3 +++
 35 files changed, 83 insertions(+)

diff --git a/x-pack/plugins/actions/server/routes/connector/get_all_system/get_all_system.ts b/x-pack/plugins/actions/server/routes/connector/get_all_system/get_all_system.ts
index 9ba51287c56fd8..747d97e5ba8a3f 100644
--- a/x-pack/plugins/actions/server/routes/connector/get_all_system/get_all_system.ts
+++ b/x-pack/plugins/actions/server/routes/connector/get_all_system/get_all_system.ts
@@ -21,6 +21,9 @@ export const getAllConnectorsIncludingSystemRoute = (
     {
       path: `${INTERNAL_BASE_ACTION_API_PATH}/connectors`,
       validate: {},
+      options: {
+        access: 'internal',
+      },
     },
     router.handleLegacyErrors(
       verifyAccessAndContext(licenseState, async function (context, req, res) {
diff --git a/x-pack/plugins/actions/server/routes/connector/list_types_system/list_types_system.ts b/x-pack/plugins/actions/server/routes/connector/list_types_system/list_types_system.ts
index 6611830f6a3c79..c43912ecbc7e44 100644
--- a/x-pack/plugins/actions/server/routes/connector/list_types_system/list_types_system.ts
+++ b/x-pack/plugins/actions/server/routes/connector/list_types_system/list_types_system.ts
@@ -27,6 +27,9 @@ export const listTypesWithSystemRoute = (
       validate: {
         query: connectorTypesQuerySchemaV1,
       },
+      options: {
+        access: 'internal',
+      },
     },
     router.handleLegacyErrors(
       verifyAccessAndContext(licenseState, async function (context, req, res) {
diff --git a/x-pack/plugins/actions/server/routes/get_global_execution_kpi.ts b/x-pack/plugins/actions/server/routes/get_global_execution_kpi.ts
index 978a957b70ce87..93034745584a78 100644
--- a/x-pack/plugins/actions/server/routes/get_global_execution_kpi.ts
+++ b/x-pack/plugins/actions/server/routes/get_global_execution_kpi.ts
@@ -45,6 +45,9 @@ export const getGlobalExecutionKPIRoute = (
       validate: {
         body: bodySchema,
       },
+      options: {
+        access: 'internal',
+      },
     },
     router.handleLegacyErrors(
       verifyAccessAndContext(licenseState, async function (context, req, res) {
diff --git a/x-pack/plugins/actions/server/routes/get_global_execution_logs.ts b/x-pack/plugins/actions/server/routes/get_global_execution_logs.ts
index 959ab2b62b0900..d42ce07a814cf1 100644
--- a/x-pack/plugins/actions/server/routes/get_global_execution_logs.ts
+++ b/x-pack/plugins/actions/server/routes/get_global_execution_logs.ts
@@ -57,6 +57,9 @@ export const getGlobalExecutionLogRoute = (
       validate: {
         body: bodySchema,
       },
+      options: {
+        access: 'internal',
+      },
     },
     router.handleLegacyErrors(
       verifyAccessAndContext(licenseState, async function (context, req, res) {
diff --git a/x-pack/plugins/actions/server/routes/get_oauth_access_token.ts b/x-pack/plugins/actions/server/routes/get_oauth_access_token.ts
index e556a5f6c9fbcd..b703c0de220f1b 100644
--- a/x-pack/plugins/actions/server/routes/get_oauth_access_token.ts
+++ b/x-pack/plugins/actions/server/routes/get_oauth_access_token.ts
@@ -66,6 +66,9 @@ export const getOAuthAccessToken = (
       validate: {
         body: bodySchema,
       },
+      options: {
+        access: 'internal',
+      },
     },
     router.handleLegacyErrors(
       verifyAccessAndContext(licenseState, async function (context, req, res) {
diff --git a/x-pack/plugins/cases/server/routes/api/cases/categories/get_categories.ts b/x-pack/plugins/cases/server/routes/api/cases/categories/get_categories.ts
index fa3d2b6a3ade2b..3cf1550e10f841 100644
--- a/x-pack/plugins/cases/server/routes/api/cases/categories/get_categories.ts
+++ b/x-pack/plugins/cases/server/routes/api/cases/categories/get_categories.ts
@@ -13,6 +13,9 @@ import type { caseApiV1 } from '../../../../../common/types/api';
 export const getCategoriesRoute = createCasesRoute({
   method: 'get',
   path: INTERNAL_GET_CASE_CATEGORIES_URL,
+  routerOptions: {
+    access: 'internal',
+  },
   handler: async ({ context, request, response }) => {
     try {
       const caseContext = await context.cases;
diff --git a/x-pack/plugins/cases/server/routes/api/cases/get_case.ts b/x-pack/plugins/cases/server/routes/api/cases/get_case.ts
index b988a85aa052c2..831a7be129f70b 100644
--- a/x-pack/plugins/cases/server/routes/api/cases/get_case.ts
+++ b/x-pack/plugins/cases/server/routes/api/cases/get_case.ts
@@ -77,6 +77,9 @@ export const getCaseRoute = createCasesRoute({
 export const resolveCaseRoute = createCasesRoute({
   method: 'get',
   path: `${CASE_DETAILS_URL}/resolve`,
+  routerOptions: {
+    access: 'internal',
+  },
   params,
   handler: async ({ context, request, response }) => {
     try {
diff --git a/x-pack/plugins/cases/server/routes/api/internal/bulk_create_attachments.ts b/x-pack/plugins/cases/server/routes/api/internal/bulk_create_attachments.ts
index 8074d8e626ea7c..18ae3d1cf74e0b 100644
--- a/x-pack/plugins/cases/server/routes/api/internal/bulk_create_attachments.ts
+++ b/x-pack/plugins/cases/server/routes/api/internal/bulk_create_attachments.ts
@@ -22,6 +22,9 @@ export const bulkCreateAttachmentsRoute = createCasesRoute({
     }),
     body: schema.arrayOf(escapeHatch),
   },
+  routerOptions: {
+    access: 'internal',
+  },
   handler: async ({ context, request, response }) => {
     try {
       const casesContext = await context.cases;
diff --git a/x-pack/plugins/cases/server/routes/api/internal/bulk_delete_file_attachments.ts b/x-pack/plugins/cases/server/routes/api/internal/bulk_delete_file_attachments.ts
index 42fd25bb5c7b9f..3e92c11766cd0f 100644
--- a/x-pack/plugins/cases/server/routes/api/internal/bulk_delete_file_attachments.ts
+++ b/x-pack/plugins/cases/server/routes/api/internal/bulk_delete_file_attachments.ts
@@ -24,6 +24,9 @@ export const bulkDeleteFileAttachments = createCasesRoute({
     }),
     body: escapeHatch,
   },
+  routerOptions: {
+    access: 'internal',
+  },
   handler: async ({ context, request, response }) => {
     try {
       const caseContext = await context.cases;
diff --git a/x-pack/plugins/cases/server/routes/api/internal/bulk_get_attachments.ts b/x-pack/plugins/cases/server/routes/api/internal/bulk_get_attachments.ts
index e747d0304e24a3..f1e42a3cc87725 100644
--- a/x-pack/plugins/cases/server/routes/api/internal/bulk_get_attachments.ts
+++ b/x-pack/plugins/cases/server/routes/api/internal/bulk_get_attachments.ts
@@ -24,6 +24,9 @@ export const bulkGetAttachmentsRoute = createCasesRoute({
     }),
     body: escapeHatch,
   },
+  routerOptions: {
+    access: 'internal',
+  },
   handler: async ({ context, request, response }) => {
     try {
       const caseContext = await context.cases;
diff --git a/x-pack/plugins/cases/server/routes/api/internal/bulk_get_cases.ts b/x-pack/plugins/cases/server/routes/api/internal/bulk_get_cases.ts
index 329cfc2483031a..1ea9ae8a297784 100644
--- a/x-pack/plugins/cases/server/routes/api/internal/bulk_get_cases.ts
+++ b/x-pack/plugins/cases/server/routes/api/internal/bulk_get_cases.ts
@@ -17,6 +17,9 @@ export const bulkGetCasesRoute = createCasesRoute({
   params: {
     body: escapeHatch,
   },
+  routerOptions: {
+    access: 'internal',
+  },
   handler: async ({ context, request, response }) => {
     const params = request.body as caseApiV1.CasesBulkGetRequest;
 
diff --git a/x-pack/plugins/cases/server/routes/api/internal/get_case_metrics.ts b/x-pack/plugins/cases/server/routes/api/internal/get_case_metrics.ts
index 26e83adbc186a3..61215828be0b0f 100644
--- a/x-pack/plugins/cases/server/routes/api/internal/get_case_metrics.ts
+++ b/x-pack/plugins/cases/server/routes/api/internal/get_case_metrics.ts
@@ -27,6 +27,9 @@ export const getCaseMetricRoute = createCasesRoute({
       ]),
     }),
   },
+  routerOptions: {
+    access: 'internal',
+  },
   handler: async ({ context, request, response }) => {
     try {
       const caseContext = await context.cases;
diff --git a/x-pack/plugins/cases/server/routes/api/internal/get_case_user_actions_stats.ts b/x-pack/plugins/cases/server/routes/api/internal/get_case_user_actions_stats.ts
index f90fbd067bf626..07393c9f1880cb 100644
--- a/x-pack/plugins/cases/server/routes/api/internal/get_case_user_actions_stats.ts
+++ b/x-pack/plugins/cases/server/routes/api/internal/get_case_user_actions_stats.ts
@@ -18,6 +18,9 @@ export const getCaseUserActionStatsRoute = createCasesRoute({
       case_id: schema.string(),
     }),
   },
+  routerOptions: {
+    access: 'internal',
+  },
   handler: async ({ context, request, response }) => {
     try {
       const casesContext = await context.cases;
diff --git a/x-pack/plugins/cases/server/routes/api/internal/get_case_users.ts b/x-pack/plugins/cases/server/routes/api/internal/get_case_users.ts
index bbf69e43788869..eec44b5c926027 100644
--- a/x-pack/plugins/cases/server/routes/api/internal/get_case_users.ts
+++ b/x-pack/plugins/cases/server/routes/api/internal/get_case_users.ts
@@ -19,6 +19,9 @@ export const getCaseUsersRoute = createCasesRoute({
       case_id: schema.string(),
     }),
   },
+  routerOptions: {
+    access: 'internal',
+  },
   handler: async ({ context, request, response }) => {
     try {
       const casesContext = await context.cases;
diff --git a/x-pack/plugins/cases/server/routes/api/internal/get_cases_metrics.ts b/x-pack/plugins/cases/server/routes/api/internal/get_cases_metrics.ts
index 1d7a64e4e27cfd..68a9489323aafe 100644
--- a/x-pack/plugins/cases/server/routes/api/internal/get_cases_metrics.ts
+++ b/x-pack/plugins/cases/server/routes/api/internal/get_cases_metrics.ts
@@ -16,6 +16,9 @@ import { createCasesRoute } from '../create_cases_route';
 export const getCasesMetricRoute = createCasesRoute({
   method: 'get',
   path: INTERNAL_CASE_METRICS_URL,
+  routerOptions: {
+    access: 'internal',
+  },
   params: {
     query: schema.object({
       features: schema.oneOf([
diff --git a/x-pack/plugins/cases/server/routes/api/internal/get_connectors.ts b/x-pack/plugins/cases/server/routes/api/internal/get_connectors.ts
index bc5e2d701eb0f9..a88d6ee9b5c141 100644
--- a/x-pack/plugins/cases/server/routes/api/internal/get_connectors.ts
+++ b/x-pack/plugins/cases/server/routes/api/internal/get_connectors.ts
@@ -19,6 +19,9 @@ export const getConnectorsRoute = createCasesRoute({
       case_id: schema.string(),
     }),
   },
+  routerOptions: {
+    access: 'internal',
+  },
   handler: async ({ context, request, response }) => {
     try {
       const casesContext = await context.cases;
diff --git a/x-pack/plugins/cases/server/routes/api/internal/replace_custom_field.ts b/x-pack/plugins/cases/server/routes/api/internal/replace_custom_field.ts
index c243c10064c24d..4e60982f02c531 100644
--- a/x-pack/plugins/cases/server/routes/api/internal/replace_custom_field.ts
+++ b/x-pack/plugins/cases/server/routes/api/internal/replace_custom_field.ts
@@ -21,6 +21,9 @@ export const replaceCustomFieldRoute = createCasesRoute({
       custom_field_id: schema.string(),
     }),
   },
+  routerOptions: {
+    access: 'internal',
+  },
   handler: async ({ context, request, response }) => {
     try {
       const caseContext = await context.cases;
diff --git a/x-pack/plugins/cases/server/routes/api/internal/suggest_user_profiles.ts b/x-pack/plugins/cases/server/routes/api/internal/suggest_user_profiles.ts
index 747d59f1b6cf4a..79a3b4588d6a52 100644
--- a/x-pack/plugins/cases/server/routes/api/internal/suggest_user_profiles.ts
+++ b/x-pack/plugins/cases/server/routes/api/internal/suggest_user_profiles.ts
@@ -19,6 +19,7 @@ export const suggestUserProfilesRoute = (userProfileService: UserProfileService)
     path: INTERNAL_SUGGEST_USER_PROFILES_URL,
     routerOptions: {
       tags: ['access:casesSuggestUserProfiles'],
+      access: 'internal',
     },
     params: {
       body: escapeHatch,
diff --git a/x-pack/plugins/rule_registry/server/routes/bulk_update_alerts.ts b/x-pack/plugins/rule_registry/server/routes/bulk_update_alerts.ts
index 01f9d5c594068a..84fdcafd7b211f 100644
--- a/x-pack/plugins/rule_registry/server/routes/bulk_update_alerts.ts
+++ b/x-pack/plugins/rule_registry/server/routes/bulk_update_alerts.ts
@@ -46,6 +46,7 @@ export const bulkUpdateAlertsRoute = (router: IRouter<RacRequestHandlerContext>)
         ),
       },
       options: {
+        access: 'internal',
         tags: ['access:rac'],
       },
     },
diff --git a/x-pack/plugins/rule_registry/server/routes/find.ts b/x-pack/plugins/rule_registry/server/routes/find.ts
index 5075525a9dbd81..370607836b832c 100644
--- a/x-pack/plugins/rule_registry/server/routes/find.ts
+++ b/x-pack/plugins/rule_registry/server/routes/find.ts
@@ -38,6 +38,7 @@ export const findAlertsByQueryRoute = (router: IRouter<RacRequestHandlerContext>
         ),
       },
       options: {
+        access: 'internal',
         tags: ['access:rac'],
       },
     },
diff --git a/x-pack/plugins/rule_registry/server/routes/get_aad_fields_by_rule_type.ts b/x-pack/plugins/rule_registry/server/routes/get_aad_fields_by_rule_type.ts
index 5ebd217053af7a..39e0b96d466cb7 100644
--- a/x-pack/plugins/rule_registry/server/routes/get_aad_fields_by_rule_type.ts
+++ b/x-pack/plugins/rule_registry/server/routes/get_aad_fields_by_rule_type.ts
@@ -27,6 +27,7 @@ export const getAADFieldsByRuleType = (router: IRouter<RacRequestHandlerContext>
         ),
       },
       options: {
+        access: 'internal',
         tags: ['access:rac'],
       },
     },
diff --git a/x-pack/plugins/rule_registry/server/routes/get_alert_by_id.ts b/x-pack/plugins/rule_registry/server/routes/get_alert_by_id.ts
index 2dc2d1ec2db7dc..d904796c687535 100644
--- a/x-pack/plugins/rule_registry/server/routes/get_alert_by_id.ts
+++ b/x-pack/plugins/rule_registry/server/routes/get_alert_by_id.ts
@@ -35,6 +35,7 @@ export const getAlertByIdRoute = (router: IRouter<RacRequestHandlerContext>) =>
         ),
       },
       options: {
+        access: 'internal',
         tags: ['access:rac'],
       },
     },
diff --git a/x-pack/plugins/rule_registry/server/routes/get_alert_index.ts b/x-pack/plugins/rule_registry/server/routes/get_alert_index.ts
index 8140f413c96f9f..f828deff3301d1 100644
--- a/x-pack/plugins/rule_registry/server/routes/get_alert_index.ts
+++ b/x-pack/plugins/rule_registry/server/routes/get_alert_index.ts
@@ -28,6 +28,7 @@ export const getAlertsIndexRoute = (router: IRouter<RacRequestHandlerContext>) =
         ),
       },
       options: {
+        access: 'internal',
         tags: ['access:rac'],
       },
     },
diff --git a/x-pack/plugins/rule_registry/server/routes/get_alert_summary.ts b/x-pack/plugins/rule_registry/server/routes/get_alert_summary.ts
index 838bf06e7e7684..fc4ce222c81e60 100644
--- a/x-pack/plugins/rule_registry/server/routes/get_alert_summary.ts
+++ b/x-pack/plugins/rule_registry/server/routes/get_alert_summary.ts
@@ -40,6 +40,7 @@ export const getAlertSummaryRoute = (router: IRouter<RacRequestHandlerContext>)
         ),
       },
       options: {
+        access: 'internal',
         tags: ['access:rac'],
       },
     },
diff --git a/x-pack/plugins/rule_registry/server/routes/get_alerts_group_aggregations.ts b/x-pack/plugins/rule_registry/server/routes/get_alerts_group_aggregations.ts
index bd589fcda71a18..0d447d6a14210b 100644
--- a/x-pack/plugins/rule_registry/server/routes/get_alerts_group_aggregations.ts
+++ b/x-pack/plugins/rule_registry/server/routes/get_alerts_group_aggregations.ts
@@ -36,6 +36,7 @@ export const getAlertsGroupAggregations = (router: IRouter<RacRequestHandlerCont
         ),
       },
       options: {
+        access: 'internal',
         tags: ['access:rac'],
       },
     },
diff --git a/x-pack/plugins/rule_registry/server/routes/get_browser_fields_by_feature_id.ts b/x-pack/plugins/rule_registry/server/routes/get_browser_fields_by_feature_id.ts
index 995f992e0b8007..a21d816c7b570f 100644
--- a/x-pack/plugins/rule_registry/server/routes/get_browser_fields_by_feature_id.ts
+++ b/x-pack/plugins/rule_registry/server/routes/get_browser_fields_by_feature_id.ts
@@ -27,6 +27,7 @@ export const getBrowserFieldsByFeatureId = (router: IRouter<RacRequestHandlerCon
         ),
       },
       options: {
+        access: 'internal',
         tags: ['access:rac'],
       },
     },
diff --git a/x-pack/plugins/rule_registry/server/routes/get_feature_ids_by_registration_contexts.ts b/x-pack/plugins/rule_registry/server/routes/get_feature_ids_by_registration_contexts.ts
index 28e0aa59407092..42a99cb410fc5b 100644
--- a/x-pack/plugins/rule_registry/server/routes/get_feature_ids_by_registration_contexts.ts
+++ b/x-pack/plugins/rule_registry/server/routes/get_feature_ids_by_registration_contexts.ts
@@ -27,6 +27,7 @@ export const getFeatureIdsByRegistrationContexts = (router: IRouter<RacRequestHa
         ),
       },
       options: {
+        access: 'internal',
         tags: ['access:rac'],
       },
     },
diff --git a/x-pack/plugins/rule_registry/server/routes/update_alert_by_id.ts b/x-pack/plugins/rule_registry/server/routes/update_alert_by_id.ts
index 67743a2d826801..cc8174b70add01 100644
--- a/x-pack/plugins/rule_registry/server/routes/update_alert_by_id.ts
+++ b/x-pack/plugins/rule_registry/server/routes/update_alert_by_id.ts
@@ -36,6 +36,7 @@ export const updateAlertByIdRoute = (router: IRouter<RacRequestHandlerContext>)
         ),
       },
       options: {
+        access: 'internal',
         tags: ['access:rac'],
       },
     },
diff --git a/x-pack/plugins/stack_connectors/server/routes/get_well_known_email_service.ts b/x-pack/plugins/stack_connectors/server/routes/get_well_known_email_service.ts
index 94d2d199d4b625..5e15ca4c328389 100644
--- a/x-pack/plugins/stack_connectors/server/routes/get_well_known_email_service.ts
+++ b/x-pack/plugins/stack_connectors/server/routes/get_well_known_email_service.ts
@@ -29,6 +29,9 @@ export const getWellKnownEmailServiceRoute = (router: IRouter) => {
       validate: {
         params: paramSchema,
       },
+      options: {
+        access: 'internal',
+      },
     },
     handler
   );
diff --git a/x-pack/plugins/stack_connectors/server/routes/valid_slack_api_channels.ts b/x-pack/plugins/stack_connectors/server/routes/valid_slack_api_channels.ts
index cd2cb113a67506..420af8d1048916 100644
--- a/x-pack/plugins/stack_connectors/server/routes/valid_slack_api_channels.ts
+++ b/x-pack/plugins/stack_connectors/server/routes/valid_slack_api_channels.ts
@@ -37,6 +37,9 @@ export const validSlackApiChannelsRoute = (
       validate: {
         body: bodySchema,
       },
+      options: {
+        access: 'internal',
+      },
     },
     handler
   );
diff --git a/x-pack/plugins/triggers_actions_ui/server/data/routes/fields.ts b/x-pack/plugins/triggers_actions_ui/server/data/routes/fields.ts
index 2b18bd45672430..677d90066f182f 100644
--- a/x-pack/plugins/triggers_actions_ui/server/data/routes/fields.ts
+++ b/x-pack/plugins/triggers_actions_ui/server/data/routes/fields.ts
@@ -32,6 +32,9 @@ export function createFieldsRoute(logger: Logger, router: IRouter, baseRoute: st
       validate: {
         body: bodySchema,
       },
+      options: {
+        access: 'internal',
+      },
     },
     handler
   );
diff --git a/x-pack/plugins/triggers_actions_ui/server/data/routes/indices.ts b/x-pack/plugins/triggers_actions_ui/server/data/routes/indices.ts
index a75853be1a3e44..53c72a77d63853 100644
--- a/x-pack/plugins/triggers_actions_ui/server/data/routes/indices.ts
+++ b/x-pack/plugins/triggers_actions_ui/server/data/routes/indices.ts
@@ -36,6 +36,9 @@ export function createIndicesRoute(logger: Logger, router: IRouter, baseRoute: s
       validate: {
         body: bodySchema,
       },
+      options: {
+        access: 'internal',
+      },
     },
     handler
   );
diff --git a/x-pack/plugins/triggers_actions_ui/server/data/routes/time_series_query.ts b/x-pack/plugins/triggers_actions_ui/server/data/routes/time_series_query.ts
index 24a0eaf13f7710..f549e465769397 100644
--- a/x-pack/plugins/triggers_actions_ui/server/data/routes/time_series_query.ts
+++ b/x-pack/plugins/triggers_actions_ui/server/data/routes/time_series_query.ts
@@ -31,6 +31,9 @@ export function createTimeSeriesQueryRoute(
       validate: {
         body: TimeSeriesQuerySchema,
       },
+      options: {
+        access: 'internal',
+      },
     },
     handler
   );
diff --git a/x-pack/plugins/triggers_actions_ui/server/routes/config.ts b/x-pack/plugins/triggers_actions_ui/server/routes/config.ts
index e6904681e71b4c..2e10586b76924a 100644
--- a/x-pack/plugins/triggers_actions_ui/server/routes/config.ts
+++ b/x-pack/plugins/triggers_actions_ui/server/routes/config.ts
@@ -39,6 +39,9 @@ export function createConfigRoute({
     {
       path,
       validate: false,
+      options: {
+        access: 'internal',
+      },
     },
     handler
   );
diff --git a/x-pack/plugins/triggers_actions_ui/server/routes/health.ts b/x-pack/plugins/triggers_actions_ui/server/routes/health.ts
index 679026ab56f2b2..b57e9b3df4dc60 100644
--- a/x-pack/plugins/triggers_actions_ui/server/routes/health.ts
+++ b/x-pack/plugins/triggers_actions_ui/server/routes/health.ts
@@ -26,6 +26,9 @@ export function createHealthRoute(
     {
       path,
       validate: false,
+      options: {
+        access: 'internal',
+      },
     },
     handler
   );