remove 'create_index' privilege from soc_manager role since that is n…

…ot parity with the security workflows spreadsheet
elastic · Nov 10, 2020 · 2d3c176 · 2d3c176
1 parent ab85450
commit 2d3c176
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/..._solution/server/lib/detection_engine/scripts/roles_users/soc_manager/README.md b/..._solution/server/lib/detection_engine/scripts/roles_users/soc_manager/README.md
@@ -1,4 +1,4 @@
-SOC Manager has all of the privileges of a rule author role with the additional privilege of creating the signals index and lists indices upon initial visit
+SOC Manager has all of the privileges of a rule author role with the additional privilege of managing the signals index. It can't create the signals index though.
 
 |    Role     | Data Sources | SIEM ML Jobs/Results |    Lists    | Rules/Exceptions | Action Connectors |   Signals/Alerts    |
 | :---------: | :----------: | :------------------: | :---------: | :--------------: | :---------------: | :-----------------: |

diff --git a/...solution/server/lib/detection_engine/scripts/roles_users/soc_manager/detections_role.json b/...solution/server/lib/detection_engine/scripts/roles_users/soc_manager/detections_role.json
@@ -18,7 +18,7 @@
       },
       {
         "names": [".siem-signals-*"],
-        "privileges": ["read", "write", "create_index", "manage"]
+        "privileges": ["read", "write", "manage"]
       }
     ]
   },