[8.x] [SecuritySolution][Endpoint] Update serverless roles to include stack connector sub-privilege (#208155) (#208420)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[SecuritySolution][Endpoint] Update serverless roles to include stack
connector sub-privilege
(#208155)](https://github.com/elastic/kibana/pull/208155)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"Ash","email":"1849116+ashokaditya@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-01-27T17:40:28Z","message":"[SecuritySolution][Endpoint]
Update serverless roles to include stack connector sub-privilege
(#208155)\n\n## Summary\n\nAdds EDR stack connectors sub-privilege to
serverless roles.\n\n### Checklist\n\nReviewers should verify this PR
satisfies this list as well.\n\n- [ ] Any text added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[
]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas
added for features that require explanation or tutorials\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [ ] If a plugin
configuration key changed, check if it needs to be\nallowlisted in the
cloud and added to the
[docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n-
[ ] This was checked for breaking HTTP API changes, and any
breaking\nchanges have been approved by the breaking-change committee.
The\n`release_note:breaking` label should be applied in these
situations.\n- [ ] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [ ] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n###
Identify risks\n\nDoes this PR introduce any risks? For example,
consider risks like hard\nto test bugs, performance regression,
potential of data loss.\n\nDescribe the risk, its severity, and
mitigation for each identified\nrisk. Invite stakeholders and evaluate
how to proceed before merging.\n\n- [ ] [See some
risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n-
[ ]
...","sha":"ba8d83a14c7e736abe74164f37e868db6376c340","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","OLM
Sprint","backport:version","v8.18.0"],"title":"[SecuritySolution][Endpoint]
Update serverless roles to include stack connector
sub-privilege","number":208155,"url":"https://github.com/elastic/kibana/pull/208155","mergeCommit":{"message":"[SecuritySolution][Endpoint]
Update serverless roles to include stack connector sub-privilege
(#208155)\n\n## Summary\n\nAdds EDR stack connectors sub-privilege to
serverless roles.\n\n### Checklist\n\nReviewers should verify this PR
satisfies this list as well.\n\n- [ ] Any text added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[
]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas
added for features that require explanation or tutorials\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [ ] If a plugin
configuration key changed, check if it needs to be\nallowlisted in the
cloud and added to the
[docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n-
[ ] This was checked for breaking HTTP API changes, and any
breaking\nchanges have been approved by the breaking-change committee.
The\n`release_note:breaking` label should be applied in these
situations.\n- [ ] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [ ] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n###
Identify risks\n\nDoes this PR introduce any risks? For example,
consider risks like hard\nto test bugs, performance regression,
potential of data loss.\n\nDescribe the risk, its severity, and
mitigation for each identified\nrisk. Invite stakeholders and evaluate
how to proceed before merging.\n\n- [ ] [See some
risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n-
[ ]
...","sha":"ba8d83a14c7e736abe74164f37e868db6376c340"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/208155","number":208155,"mergeCommit":{"message":"[SecuritySolution][Endpoint]
Update serverless roles to include stack connector sub-privilege
(#208155)\n\n## Summary\n\nAdds EDR stack connectors sub-privilege to
serverless roles.\n\n### Checklist\n\nReviewers should verify this PR
satisfies this list as well.\n\n- [ ] Any text added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[
]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas
added for features that require explanation or tutorials\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [ ] If a plugin
configuration key changed, check if it needs to be\nallowlisted in the
cloud and added to the
[docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n-
[ ] This was checked for breaking HTTP API changes, and any
breaking\nchanges have been approved by the breaking-change committee.
The\n`release_note:breaking` label should be applied in these
situations.\n- [ ] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [ ] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n###
Identify risks\n\nDoes this PR introduce any risks? For example,
consider risks like hard\nto test bugs, performance regression,
potential of data loss.\n\nDescribe the risk, its severity, and
mitigation for each identified\nrisk. Invite stakeholders and evaluate
how to proceed before merging.\n\n- [ ] [See some
risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n-
[ ]
...","sha":"ba8d83a14c7e736abe74164f37e868db6376c340"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Ash <1849116+ashokaditya@users.noreply.github.com>

packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml

@@ -134,6 +134,7 @@ editor:
         - feature_securitySolutionTimeline.all
         - feature_securitySolutionNotes.all
         - feature_actions.read
+        - feature_actions.endpoint_security_execute
         - feature_builtInAlerts.all
         - feature_osquery.all
         - feature_discover.all
@@ -315,6 +316,7 @@ t3_analyst:
         - feature_securitySolutionTimeline.all
         - feature_securitySolutionNotes.all
         - feature_actions.read
+        - feature_actions.endpoint_security_execute
         - feature_builtInAlerts.all
         - feature_osquery.all
         - feature_discover.all
@@ -525,6 +527,7 @@ soc_manager:
         - feature_securitySolutionTimeline.all
         - feature_securitySolutionNotes.all
         - feature_actions.all
+        - feature_actions.endpoint_security_execute
         - feature_builtInAlerts.all
         - feature_osquery.all
         - feature_indexPatterns.all
@@ -725,6 +728,7 @@ endpoint_operations_analyst:
         - feature_securitySolutionTimeline.all
         - feature_securitySolutionNotes.all
         - feature_actions.all
+        - feature_actions.endpoint_security_execute
         - feature_builtInAlerts.all
         - feature_osquery.all
         - feature_fleet.all

x-pack/solutions/security/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml

@@ -152,6 +152,7 @@ editor:
         - feature_securitySolutionTimeline.all
         - feature_securitySolutionNotes.all
         - feature_actions.read
+        - feature_actions.endpoint_security_execute
         - feature_builtInAlerts.all
         - feature_osquery.all
         - feature_discover.all
@@ -336,6 +337,7 @@ t3_analyst:
         - feature_securitySolutionTimeline.all
         - feature_securitySolutionNotes.all
         - feature_actions.read
+        - feature_actions.endpoint_security_execute
         - feature_builtInAlerts.all
         - feature_osquery.all
         - feature_discover.all
@@ -545,6 +547,7 @@ soc_manager:
         - feature_securitySolutionTimeline.all
         - feature_securitySolutionNotes.all
         - feature_actions.all
+        - feature_actions.endpoint_security_execute
         - feature_builtInAlerts.all
         - feature_osquery.all
         - feature_indexPatterns.all
@@ -748,6 +751,7 @@ endpoint_operations_analyst:
         - feature_securitySolutionTimeline.all
         - feature_securitySolutionNotes.all
         - feature_actions.all
+        - feature_actions.endpoint_security_execute
         - feature_builtInAlerts.all
         - feature_osquery.all
         - feature_fleet.all

x-pack/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml

@@ -133,6 +133,7 @@ editor:
         - feature_securitySolutionTimeline.all
         - feature_securitySolutionNotes.all
         - feature_actions.read
+        - feature_actions.endpoint_security_execute
         - feature_builtInAlerts.all
         - feature_osquery.all
         - feature_discover.all
@@ -320,6 +321,7 @@ t3_analyst:
         - feature_securitySolutionTimeline.all
         - feature_securitySolutionNotes.all
         - feature_actions.read
+        - feature_actions.endpoint_security_execute
         - feature_builtInAlerts.all
         - feature_osquery.all
         - feature_discover.all
@@ -533,6 +535,7 @@ soc_manager:
         - feature_securitySolutionTimeline.all
         - feature_securitySolutionNotes.all
         - feature_actions.all
+        - feature_actions.endpoint_security_execute
         - feature_builtInAlerts.all
         - feature_osquery.all
         - feature_indexPatterns.all
@@ -736,6 +739,7 @@ endpoint_operations_analyst:
         - feature_securitySolutionTimeline.all
         - feature_securitySolutionNotes.all
         - feature_actions.all
+        - feature_actions.endpoint_security_execute
         - feature_builtInAlerts.all
         - feature_osquery.all
         - feature_fleet.all