diff --git a/docs/en/ingest-management/images/kibana-fleet-privileges-all.png b/docs/en/ingest-management/images/kibana-fleet-privileges-all.png deleted file mode 100644 index 128b1862b..000000000 Binary files a/docs/en/ingest-management/images/kibana-fleet-privileges-all.png and /dev/null differ diff --git a/docs/en/ingest-management/images/kibana-fleet-privileges-read.png b/docs/en/ingest-management/images/kibana-fleet-privileges-read.png deleted file mode 100644 index 7288e9974..000000000 Binary files a/docs/en/ingest-management/images/kibana-fleet-privileges-read.png and /dev/null differ diff --git a/docs/en/ingest-management/security/fleet-roles-and-privileges.asciidoc b/docs/en/ingest-management/security/fleet-roles-and-privileges.asciidoc index dd1b460fb..d2dece98e 100644 --- a/docs/en/ingest-management/security/fleet-roles-and-privileges.asciidoc +++ b/docs/en/ingest-management/security/fleet-roles-and-privileges.asciidoc 
@@ -7,57 +7,39 @@ Assigning the {kib} feature privileges `Fleet` and `Integrations` grants access `all`:: Grants full read-write access. `read`:: Grants read-only access. -`none`:: No access is granted. -Take advantage of these privilege settings by: - -* <> -* <> - -[discrete] -[[fleet-roles-and-privileges-built-in]] -== Built-in roles - -{es} comes with built-in roles that include default privileges. - -`editor`:: The built-in `editor` role grants the following privileges, supporting full read-write access to {fleet} and Integrations: -* {Fleet}: `all` -* Integrations: `all` +* {Fleet}: `All` +* Integrations: `All` -`viewer`:: The built-in `viewer` role grants the following privileges, supporting read-only access to {fleet} and Integrations: -* {Fleet}: `read` -* Integrations: `read` +* {Fleet}:: `None` +* Integrations:: `Read` -You can also create a new role that can be assigned to a user, in order to grant more specific levels of access to {fleet} and Integrations. +You can also create a new role that can be assigned to a user to grant access to {fleet} and Integrations. [discrete] [[fleet-roles-and-privileges-create]] == Create a role for {fleet} -To create a new role with access to {fleet} and Integrations: +To create a new role with full access to use and manage {fleet} and Integrations: . In {kib}, go to **Management -> Stack Management**. . In the **Security** section, select **Roles**. . Select **Create role**. . Specify a name for the role. . Leave the {es} settings at their defaults, or refer to {ref}/security-privileges.html[Security privileges] for descriptions of the available settings. -. In the {kib} section, select **Assign to space**. -. In the **Spaces** menu, select *** All Spaces**. Since many Integrations assets are shared across spaces, the users need the {kib} privileges in all spaces. +. In the {kib} section, select **Add Kibana privilege**. +. In the **Spaces** menu, select *** All Spaces**. 
Since many Integrations assets are shared across spaces, the users needs the {kib} privileges in all spaces. . Expand the **Management** section. -. Choose the access level that you'd like the role to have with respect to {fleet} and integrations: +. Set **Fleet** privileges to **All**. +. Set **Integrations** privileges to **All**. -.. To grant the role full access to use and manage {fleet} and integrations, set both the **Fleet** and **Integrations** privileges to `All`. -+ [role="screenshot"] -image::images/kibana-fleet-privileges-all.png[Kibana privileges flyout showing Fleet and Integrations set to All] +image::images/kibana-fleet-privileges.png[Kibana privileges flyout showing Fleet and Integrations set to All] -.. Similarly, to create a read-only user for {fleet} and Integrations, set both the **Fleet** and **Integrations** privileges to `Read`. -+ -[role="screenshot"] -image::images/kibana-fleet-privileges-read.png[Kibana privileges flyout showing Fleet and Integrations set to All] +To create a read-only user for Integrations, follow the same steps as above but set the **Fleet** privileges to **None** and the **Integrations** privileges to **Read**. -Once you've created a new role you can assign it to any {es} user. You can edit the role at any time by returning to the **Roles** page in {kib}. +Read-only access to {fleet} is not currently supported but is planned for development in a later release.
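Review bot: The definition list kept at the top of the hunk still reads "`read`:: Grants read-only access" for both `Fleet` and `Integrations`, which contradicts the new closing line "Read-only access to {fleet} is not currently supported". Qualify the `read` entry as applying to Integrations only, and keep the removed `none` definition, because the new text relies on `None` for the Fleet privilege. With the `editor` and `viewer` labels gone, the two bullet pairs no longer say which role or case they describe, so a reader cannot tell that `All`/`All` and `None`/`Read` are different access levels; add a one-line introduction to each pair. "You can also create a new role" also loses the thing its "also" referred to once the Built-in roles section is removed. Smaller points on the added lines: `* {Fleet}:: `None`` and `* Integrations:: `Read`` mix the bullet marker with the `::` description-list marker, unlike `* {Fleet}: `All`` just above, and "the users needs" should stay "the users need". The patch also drops "Once you've created a new role you can assign it to any {es} user", so the procedure now ends without saying how the role reaches a user; consider keeping that sentence.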
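Review bot: The new image macro `image::images/kibana-fleet-privileges.png[...]` points at a file that the visible part of this patch does not add; the only image changes shown are the deletions of `kibana-fleet-privileges-all.png` and `kibana-fleet-privileges-read.png`. Confirm that `kibana-fleet-privileges.png` already exists under `docs/en/ingest-management/images/` or add it in this same change, otherwise the screenshot reference will be broken after merge.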