[Request] Permissions for alert suppression in machine learning rules #5492
Labels
Docset: ESS
Issues that apply to docs in the Stack release
Docset: Serverless
Issues for Serverless Security
Effort: Medium
Issues that take moderate but not substantial time to complete
Feature: Alerts
Feature: Machine Learning
Feature: Rules
Team: Detection Engine
v8.15.0
Description
Users need a read permission for the
.ml-anomalies-*
index if the user in question is going to be authoring/managing ML Rules with Alert Suppression.Background & resources
Which documentation set does this change impact?
ESS and serverless
ESS release
8.15
Serverless release
Unknown
Feature differences
Unknown. Since it's a privileges thing, I assume there's an equivalent serverless prebuilt role that provides read access to the
.ml-anomalies-*
index pattern, but that isn't clear from the thread. @rylnd could you confirm which serverless roles are required?API docs impact
Unknown
Prerequisites, privileges, feature flags
Unknown
The text was updated successfully, but these errors were encountered: