From 22ecbc4e074e974eca0eb232c449338eebeaec23 Mon Sep 17 00:00:00 2001
From: Tomasz Ciecierski
Date: Sat, 24 May 2025 13:48:44 +0200
Subject: [PATCH] [AI SOC] Grant fleet (v1) access to see integrations in Search AI Lake tier (#221189)
---
 config/serverless.security.search_ai_lake.yml | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/config/serverless.security.search_ai_lake.yml b/config/serverless.security.search_ai_lake.yml
index 78b7eab0b015..2d35f71b54fb 100644
--- a/config/serverless.security.search_ai_lake.yml
+++ b/config/serverless.security.search_ai_lake.yml
@@ -18,6 +18,37 @@ xpack.features.overrides: siemV2.description: null securitySolutionSiemMigrations.hidden: true + ## Fine-tune the security solution essentials feature privileges. These feature privilege overrides are set individually for each project type. Also, refer to `serverless.yml` for the project-agnostic overrides. + siemV2: + privileges: + all.composedOf: + ## Limited values so the fields from serverless.yml or serverless.security.yml are overwritten + ## We do not need to compose siemV2 from maps and visualizations because these functionalities are disabled in this tier + - feature: "discover_v2" + privileges: [ "all" ] + ## We need limited read access to fleet (v1) in order to use integrations + - feature: "fleet" + privileges: [ "all" ] + read.composedOf: + - feature: "discover_v2" + privileges: [ "read" ] + - feature: "fleet" + privileges: [ "read" ] + siem: + privileges: + all.composedOf: + ## Limited values so the fields from serverless.yml or serverless.security.yml are overwritten + ## We do not need to compose siemV2 from maps and visualizations because these functionalities are disabled in this tier + - feature: "discover_v2" + privileges: [ "all" ] + - feature: "savedQueryManagement" + privileges: [ "all" ] + read.composedOf: + - feature: "discover_v2" + privileges: [ "read" ] + - feature: "savedQueryManagement" + privileges: [ "read" ] + # Custom integrations/fleet settings xpack.fleet.agentless.isDefault: true xpack.fleet.integrationsHomeOverride: '/app/security/configurations/integrations'
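Review bot: In the `siemV2` override, `all.composedOf` grants `fleet` with `privileges: [ "all" ]`, while the comment directly above that entry says only "limited read access to fleet (v1)" is needed and the commit title speaks of access to see integrations. If viewing integrations is the whole requirement, the entry could be `privileges: [ "read" ]`, so that a role holding Security `all` does not also pick up broader Fleet privileges than the comment describes. If `all` is deliberate, the comment should say so, e.g. `## fleet "all" is required because <reason>`. The `siem` block repeats the "compose siemV2" comment and composes `savedQueryManagement` rather than `fleet`; whether that asymmetry is intended cannot be told from the hunk, so a one-line comment there would help the next reviewer.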