
Give all acces to .slo-observability.* indice to kibana user (#97539)

Resolves: https://github.com/elastic/kibana/issues/161585

## Summary

This PR grants `all` privileges on the `.slo-observability.*` indices
used by the observability SLO solution to the `kibana_system` role. 

If there is some convention for naming kibana internal indices, please
let me know.
Kevin Delemme 2 years ago
parent
commit
aa9c7e4bb6

+ 5 - 0
docs/changelog/97539.yaml

@@ -0,0 +1,5 @@
+pr: 97539
+summary: "Give all acces to .slo-observability.* indice to kibana user"
+area: Authentication
+type: enhancement
+issues: []

+ 4 - 1
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java

@@ -299,7 +299,10 @@ class KibanaOwnedReservedRoleDescriptors {
                 RoleDescriptor.IndicesPrivileges.builder()
                     .indices("logs-cloud_defend.*", "metrics-cloud_defend.*")
                     .privileges("read", "view_index_metadata")
-                    .build() },
+                    .build(),
+                // SLO observability solution internal indices
+                // Kibana system user uses them to read / write slo data.
+                RoleDescriptor.IndicesPrivileges.builder().indices(".slo-observability.*").privileges("all").build() },
             null,
             new ConfigurableClusterPrivilege[] {
                 new ConfigurableClusterPrivileges.ManageApplicationPrivileges(Set.of("kibana-*")),
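Review bot: The new `.slo-observability.*` entry grants `all`, while the comment above it only justifies reading and writing SLO data. `all` also covers index deletion and management, so `kibana_system` credentials gain destructive rights on every index matching that wildcard, including any created under that prefix by something other than the SLO feature. If Kibana only needs document access plus index creation, a narrower set such as `.privileges("read", "write", "create_index", "view_index_metadata")` would fit the stated purpose. If `all` really is required, state the reason in the comment, e.g. `// "all" is required because Kibana creates, updates mappings on and deletes these indices`. The enclosing privileges array starts above this hunk, so I cannot see whether comparable internal indices are scoped more tightly.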

+ 2 - 1
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java

@@ -595,7 +595,8 @@ public class ReservedRolesStoreTests extends ESTestCase {
             ReservedRolesStore.PREVIEW_ALERTS_INDEX_ALIAS + randomAlphaOfLength(randomIntBetween(0, 13)),
             ReservedRolesStore.PREVIEW_ALERTS_BACKING_INDEX_ALIAS + randomAlphaOfLength(randomIntBetween(0, 13)),
             ReservedRolesStore.LISTS_INDEX + randomAlphaOfLength(randomIntBetween(0, 13)),
-            ReservedRolesStore.LISTS_ITEMS_INDEX + randomAlphaOfLength(randomIntBetween(0, 13))
+            ReservedRolesStore.LISTS_ITEMS_INDEX + randomAlphaOfLength(randomIntBetween(0, 13)),
+            ".slo-observability." + randomAlphaOfLength(randomIntBetween(0, 13))
         ).forEach(index -> assertAllIndicesAccessAllowed(kibanaRole, index));
 
         // read-only index access, including cross cluster
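Review bot: The added `".slo-observability." + randomAlphaOfLength(...)` line only checks the positive case, so nothing pins where the wildcard stops matching. A companion assertion that a near-miss name (the same prefix without the trailing dot, followed by random characters) does not get full access would catch an accidental widening of the pattern later. The prefix is also a string literal here and in `KibanaOwnedReservedRoleDescriptors`, whereas the neighbouring entries use `ReservedRolesStore` constants. A shared constant would keep the role definition and its test from drifting apart. The test method starts and ends outside this hunk, so an existing negative check may already be present elsewhere.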