[Request] RBAC update - third party response actions

[caitlinbetz]

Description

We have made a change to the RBAC requirements for using third party response actions, requiring users to add a second privilege to use these capabilities.

Existing docs pages:
https://www.elastic.co/guide/en/security/current/third-party-actions.html
https://www.elastic.co/guide/en/security/current/response-actions-config.html

A user will need BOTH of following Kibana privileges to use third party response actions:

• Security > Security: Corresponding security solution response action privilege (documented here: https://www.elastic.co/guide/en/security/current/endpoint-management-req.html)

  • This is currently documented on the third party actions page
  • 

• Management > Actions and Connectors > EDR sub-privilege

  • New privilege that we would like to document

Background & resources

• PRs:
• Issues/metas:
• Point of contact: @caitlinbetz @paul-tavares
• Test environments:

Which documentation set does this change impact?

ESS and serverless

ESS release

ESS: 8.18

Serverless release

Monday January 27 2025

Feature differences

No differences

API docs impact

@paul-tavares could you provide?

Prerequisites, privileges, feature flags

No response

[natasha-moore-elastic]

Hey @caitlinbetz @paul-tavares, is there a test environment you could share for this feature?

Thanks!

[paul-tavares]

@natasha-moore-elastic ,

See my comment on this issue: #6303 (comment)

[lcawl]

Management > Actions and Connectors > EDR sub-privilege
New privilege that we would like to document

I'm not sure where you want to mention this in the Security Guide, but I've created elastic/kibana#207136 to mention it in the Kibana Guide.