Open e40pud opened 3 weeks ago
Thanks for filing this, @e40pud! It might be worth mentioning the priv requirement in this section as well, where it says:
The first time a user visits Elastic Security within a given Kibana space, the default data view generates in that space and becomes active.
Since Serverless doesn't have spaces, we won't need to doc this information in the corresponding Serverless docs for data views and detection privs.
Note for self: I checked with Zhenia and got confirmation that it's okay to start work on this towards the end of Sprint 16 (July 1-5). I'm scheduling it for Sprint 16 for now, with the understanding that it could spill over to Sprint 17.
Description
One of our customers discovered the issue with the spaces inside security solution. After investigation we realised that it is not a bug, but rather a missing requirements description on the Detections prerequisites and requirements page.
The issue
When a user creates a space without "Data View Management" privileges, the security solution app won't be able to generate a default data view, which is required for rules and alerts within security solution.
Enhancement
We should add "Management > Data View Management" feature visibility privilege as a required option for security solution spaces. NOTE: we are talking about spaces privileges in this case, not user privileges.
If a user wants to create a space without "Data View Management" feature visibility, they have to follow these steps:
New Space > Security Solution > Alerts page - this step will generate all required data views for security solution to work as expected
Related links / assets
Please include each of the following, if applicable: Doc URL: https://www.elastic.co/guide/en/security/8.14/detections-permissions-section.html#detections-permissions-section
Which documentation set needs improvement?
ESS and serverless
Software version
Customer discovered the issue in 8.13.4, though the issue has been present since spaces were introduced. We should update docs for all available versions.
Collaborators
Developer: @e40pud
Timeline / deliverables
This is core functionality of the detection engine, and thus we should prioritise docs for this enhancement, if possible, to add docs in the next release.