[Security Solution] Give entity store permissions to built-in and cloud roles

packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml

@@ -35,6 +35,7 @@ viewer:
         - '.fleet-actions*'
         - 'risk-score.risk-score-*'
         - '.asset-criticality.asset-criticality-*'
+        - '.entities.v1.latest.security_*'
         - '.ml-anomalies-*'
       privileges:
         - read
@@ -99,6 +100,7 @@ editor:
         - 'maintenance'
     - names:
         - '.asset-criticality.asset-criticality-*'
+        - '.entities.v1.latest.security_*'
       privileges:
         - 'read'
         - 'write'
@@ -162,6 +164,7 @@ t1_analyst:
         - '.fleet-actions*'
         - risk-score.risk-score-*
         - .asset-criticality.asset-criticality-*
+        - .entities.v1.latest.security_*
         - '.ml-anomalies-*'
       privileges:
         - read
@@ -211,6 +214,7 @@ t2_analyst:
         - .fleet-agents*
         - .fleet-actions*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - '.ml-anomalies-*'
       privileges:
         - read
@@ -274,6 +278,7 @@ t3_analyst:
         - .fleet-agents*
         - .fleet-actions*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - '.ml-anomalies-*'
       privileges:
         - read
@@ -346,6 +351,7 @@ threat_intelligence_analyst:
         - .fleet-agents*
         - .fleet-actions*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - '.ml-anomalies-*'
       privileges:
         - read
@@ -406,6 +412,7 @@ rule_author:
         - .fleet-agents*
         - .fleet-actions*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - '.ml-anomalies-*'
       privileges:
         - read
@@ -472,6 +479,7 @@ soc_manager:
         - .fleet-agents*
         - .fleet-actions*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - '.ml-anomalies-*'
       privileges:
         - read
@@ -543,6 +551,7 @@ detections_admin:
         - all
     - names:
         - .asset-criticality.asset-criticality-*
+        - .entities.v1.latest.security_*
       privileges:
         - read
         - write
@@ -590,6 +599,7 @@ platform_engineer:
         - all
     - names:
         - .asset-criticality.asset-criticality-*
+        - .entities.v1.latest.security_*
       privileges:
         - read
         - write
@@ -648,6 +658,7 @@ endpoint_operations_analyst:
         - .lists*
         - .items*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - '.ml-anomalies-*'
       privileges:
         - read
@@ -717,6 +728,7 @@ endpoint_policy_manager:
         - winlogbeat-*
         - logstash-*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
       privileges:
         - read
     - names:

packages/kbn-es/src/serverless_resources/security_roles.json

@@ -120,7 +120,12 @@
           "privileges": ["read", "write"]
         },
         {
-          "names": ["metrics-endpoint.metadata_current_*", ".fleet-agents*", ".fleet-actions*", "risk-score.risk-score-*"],
+          "names": [
+            "metrics-endpoint.metadata_current_*",
+            ".fleet-agents*", ".fleet-actions*",
+            "risk-score.risk-score-*",
+            ".entities.v1.latest.security_*"
+          ],
           "privileges": ["read"]
         }
       ],

x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml

@@ -53,6 +53,7 @@ viewer:
         - ".fleet-actions*"
         - "risk-score.risk-score-*"
         - ".asset-criticality.asset-criticality-*"
+        - ".entities.v1.latest.security_*"
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -117,6 +118,7 @@ editor:
         - "maintenance"
     - names:
         - ".asset-criticality.asset-criticality-*"
+        - .entities.v1.latest.security_*
       privileges:
         - "read"
         - "write"
@@ -181,6 +183,7 @@ t1_analyst:
         - ".fleet-actions*"
         - risk-score.risk-score-*
         - .asset-criticality.asset-criticality-*
+        - .entities.v1.latest.security_*
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -231,6 +234,7 @@ t2_analyst:
         - .fleet-agents*
         - .fleet-actions*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -295,6 +299,7 @@ t3_analyst:
         - .fleet-agents*
         - .fleet-actions*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -363,6 +368,7 @@ threat_intelligence_analyst:
         - .fleet-agents*
         - .fleet-actions*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -424,6 +430,7 @@ rule_author:
         - .fleet-agents*
         - .fleet-actions*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -468,6 +475,7 @@ soc_manager:
         - packetbeat-*
         - winlogbeat-*
         - .asset-criticality.asset-criticality-*
+        - .entities.v1.latest.security_*
       privileges:
         - read
         - write
@@ -491,6 +499,7 @@ soc_manager:
         - .fleet-agents*
         - .fleet-actions*
         - risk-score.risk-score-*
+        - .asset-criticality.asset-criticality-*
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -563,6 +572,7 @@ detections_admin:
         - all
     - names:
         - .asset-criticality.asset-criticality-*
+        - .entities.v1.latest.security_*
       privileges:
         - read
         - write
@@ -611,6 +621,7 @@ platform_engineer:
         - all
     - names:
         - .asset-criticality.asset-criticality-*
+        - .entities.v1.latest.security_*
       privileges:
         - read
         - write
@@ -670,6 +681,7 @@ endpoint_operations_analyst:
         - .lists*
         - .items*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -740,6 +752,7 @@ endpoint_policy_manager:
         - packetbeat-*
         - winlogbeat-*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - ".ml-anomalies-*"
       privileges:
         - read

x-pack/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml

@@ -34,6 +34,7 @@ viewer:
         - ".fleet-actions*"
         - "risk-score.risk-score-*"
         - ".asset-criticality.asset-criticality-*"
+        - ".entities.v1.latest.security_*"
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -98,6 +99,7 @@ editor:
         - "maintenance"
     - names:
         - ".asset-criticality.asset-criticality-*"
+        - ".entities.v1.latest.security_*"
       privileges:
         - "read"
         - "write"
@@ -162,6 +164,7 @@ t1_analyst:
         - ".fleet-actions*"
         - risk-score.risk-score-*
         - .asset-criticality.asset-criticality-*
+        - .entities.v1.latest.security_*
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -212,6 +215,7 @@ t2_analyst:
         - .fleet-agents*
         - .fleet-actions*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -276,6 +280,7 @@ t3_analyst:
         - .fleet-agents*
         - .fleet-actions*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -344,6 +349,7 @@ threat_intelligence_analyst:
         - .fleet-agents*
         - .fleet-actions*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -405,6 +411,7 @@ rule_author:
         - .fleet-agents*
         - .fleet-actions*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -449,6 +456,7 @@ soc_manager:
         - packetbeat-*
         - winlogbeat-*
         - .asset-criticality.asset-criticality-*
+        - .entities.v1.latest.security_*
       privileges:
         - read
         - write
@@ -472,6 +480,7 @@ soc_manager:
         - .fleet-agents*
         - .fleet-actions*
         - risk-score.risk-score-*
+        - .asset-criticality.asset-criticality-*
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -544,6 +553,7 @@ detections_admin:
         - all
     - names:
         - .asset-criticality.asset-criticality-*
+        - .entities.v1.latest.security_*
       privileges:
         - read
         - write
@@ -592,6 +602,7 @@ platform_engineer:
         - all
     - names:
         - .asset-criticality.asset-criticality-*
+        - .entities.v1.latest.security_*
       privileges:
         - read
         - write
@@ -651,6 +662,7 @@ endpoint_operations_analyst:
         - .lists*
         - .items*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - ".ml-anomalies-*"
       privileges:
         - read
@@ -721,6 +733,7 @@ endpoint_policy_manager:
         - packetbeat-*
         - winlogbeat-*
         - risk-score.risk-score-*
+        - .entities.v1.latest.security_*
         - ".ml-anomalies-*"
       privileges:
         - read