We just upgraded to 8.2 and we create different roles for users to allow for certain behavior.
I'm following this guide, and I want to allow users to preview rules but not give them full admin access - Detections prerequisites and requirements | Elastic Security Solution [8.2] | Elastic
I've created every single combination of the indices it lists in the documentation, but I am still running into an error. The role includes ALL privs to the Security app. Please see the attached screenshots.
I've also spun up a brand new 8.2 instance in the Cloud and can replicate this behavior.
I'm running into the below error, although the permissions are clearly granted. How can we fix this?
Missing "read" privileges for the ".preview.alerts-security.alerts" or ".internal.preview.alerts-security.alerts" indices. Without these privileges you cannot use the Rule Preview feature.