[8.18] [Fix]Removes synonyms read-only permission. (#211471) (#211557)

# Backport

This will backport the following commits from `main` to `8.18`:
- [[Fix]Removes synonyms read-only permission.
(#211471)](https://github.com/elastic/kibana/pull/211471)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Efe Gürkan
YALAMAN","email":"efeguerkan.yalaman@elastic.co"},"sourceCommit":{"committedDate":"2025-02-18T11:59:27Z","message":"[Fix]Removes
synonyms read-only permission. (#211471)\n\n## Summary\r\n\r\nKibana
permission for read-only is removed. This is not a breaking\r\nchange
while the feature is not yet released.\r\nCluster requirements make it
obsolete.\r\nAlso fixed warnings on permission names.\r\n\r\n\r\n###
Checklist\r\n\r\nCheck the PR satisfies following conditions.
\r\n\r\nReviewers should verify this PR satisfies this list as
well.\r\n\r\n- [x] This was checked for breaking HTTP API changes, and
any breaking\r\nchanges have been approved by the breaking-change
committee. The\r\n`release_note:breaking` label should be applied in
these situations.\r\n- [x] The PR description includes the appropriate
Release Notes section,\r\nand the correct `release_note:*` label is
applied per
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"148d47ced142456d68322fe6097287e84255ca7d","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","v9.0.0","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Fix]Removes
synonyms read-only
permission.","number":211471,"url":"https://github.com/elastic/kibana/pull/211471","mergeCommit":{"message":"[Fix]Removes
synonyms read-only permission. (#211471)\n\n## Summary\r\n\r\nKibana
permission for read-only is removed. This is not a breaking\r\nchange
while the feature is not yet released.\r\nCluster requirements make it
obsolete.\r\nAlso fixed warnings on permission names.\r\n\r\n\r\n###
Checklist\r\n\r\nCheck the PR satisfies following conditions.
\r\n\r\nReviewers should verify this PR satisfies this list as
well.\r\n\r\n- [x] This was checked for breaking HTTP API changes, and
any breaking\r\nchanges have been approved by the breaking-change
committee. The\r\n`release_note:breaking` label should be applied in
these situations.\r\n- [x] The PR description includes the appropriate
Release Notes section,\r\nand the correct `release_note:*` label is
applied per
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"148d47ced142456d68322fe6097287e84255ca7d"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211471","number":211471,"mergeCommit":{"message":"[Fix]Removes
synonyms read-only permission. (#211471)\n\n## Summary\r\n\r\nKibana
permission for read-only is removed. This is not a breaking\r\nchange
while the feature is not yet released.\r\nCluster requirements make it
obsolete.\r\nAlso fixed warnings on permission names.\r\n\r\n\r\n###
Checklist\r\n\r\nCheck the PR satisfies following conditions.
\r\n\r\nReviewers should verify this PR satisfies this list as
well.\r\n\r\n- [x] This was checked for breaking HTTP API changes, and
any breaking\r\nchanges have been approved by the breaking-change
committee. The\r\n`release_note:breaking` label should be applied in
these situations.\r\n- [x] The PR description includes the appropriate
Release Notes section,\r\nand the correct `release_note:*` label is
applied per
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"148d47ced142456d68322fe6097287e84255ca7d"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Efe Gürkan YALAMAN <efeguerkan.yalaman@elastic.co>

x-pack/solutions/search/plugins/search_synonyms/server/plugin.ts

@@ -49,22 +49,21 @@ export class SearchSynonymsPlugin
       privileges: {
         all: {
           app: ['kibana', PLUGIN_ID],
-          api: ['synonyms:manage', 'synonyms:read'],
+          api: ['manage_synonyms'],
           catalogue: [PLUGIN_ID],
           savedObject: {
             all: [],
             read: [],
           },
-          ui: ['read', 'save'],
+          ui: ['manage'],
         },
         read: {
-          app: ['kibana', PLUGIN_ID],
-          api: ['synonyms:read'],
+          disabled: true,
           savedObject: {
             all: [],
             read: [],
           },
-          ui: ['read'],
+          ui: [],
         },
       },
     });
@@ -72,7 +71,7 @@ export class SearchSynonymsPlugin
     return {};
   }
 
-  public start(core: CoreStart) {
+  public start(_: CoreStart) {
     return {};
   }
 

x-pack/solutions/search/plugins/search_synonyms/server/routes.ts

@@ -26,11 +26,10 @@ export function defineRoutes({ logger, router }: { logger: Logger; router: IRout
       path: APIRoutes.SYNONYM_SETS,
       options: {
         access: 'internal',
-        tags: ['synonyms:read'],
       },
       security: {
         authz: {
-          requiredPrivileges: ['synonyms:read'],
+          requiredPrivileges: ['manage_synonyms'],
         },
       },
       validate: {
@@ -78,11 +77,10 @@ export function defineRoutes({ logger, router }: { logger: Logger; router: IRout
       path: APIRoutes.SYNONYM_SET_ID,
       options: {
         access: 'internal',
-        tags: ['synonyms:write', 'synonyms:read'],
       },
       security: {
         authz: {
-          requiredPrivileges: ['synonyms:write', 'synonyms:read'],
+          requiredPrivileges: ['manage_synonyms'],
         },
       },
       validate: {
@@ -119,11 +117,10 @@ export function defineRoutes({ logger, router }: { logger: Logger; router: IRout
       path: APIRoutes.SYNONYM_SET_ID,
       options: {
         access: 'internal',
-        tags: ['synonyms:read'],
       },
       security: {
         authz: {
-          requiredPrivileges: ['synonyms:read'],
+          requiredPrivileges: ['manage_synonyms'],
         },
       },
       validate: {
@@ -177,11 +174,10 @@ export function defineRoutes({ logger, router }: { logger: Logger; router: IRout
       path: APIRoutes.SYNONYM_SET_ID_RULE_ID,
       options: {
         access: 'internal',
-        tags: ['synonyms:read'],
       },
       security: {
         authz: {
-          requiredPrivileges: ['synonyms:read'],
+          requiredPrivileges: ['manage_synonyms'],
         },
       },
       validate: {
@@ -228,11 +224,10 @@ export function defineRoutes({ logger, router }: { logger: Logger; router: IRout
       path: APIRoutes.SYNONYM_SET_ID_RULE_ID,
       options: {
         access: 'internal',
-        tags: ['synonyms:write', 'synonyms:read'],
       },
       security: {
         authz: {
-          requiredPrivileges: ['synonyms:write', 'synonyms:read'],
+          requiredPrivileges: ['manage_synonyms'],
         },
       },
       validate: {
@@ -279,11 +274,10 @@ export function defineRoutes({ logger, router }: { logger: Logger; router: IRout
       path: APIRoutes.SYNONYM_SET_ID,
       options: {
         access: 'internal',
-        tags: ['synonyms:write', 'synonyms:read'],
       },
       security: {
         authz: {
-          requiredPrivileges: ['synonyms:write', 'synonyms:read'],
+          requiredPrivileges: ['manage_synonyms'],
         },
       },
       validate: {
@@ -328,11 +322,10 @@ export function defineRoutes({ logger, router }: { logger: Logger; router: IRout
       path: APIRoutes.GENERATE_SYNONYM_RULE_ID,
       options: {
         access: 'internal',
-        tags: ['synonyms:write', 'synonyms:read'],
       },
       security: {
         authz: {
-          requiredPrivileges: ['synonyms:write', 'synonyms:read'],
+          requiredPrivileges: ['manage_synonyms'],
         },
       },
       validate: {
@@ -377,11 +370,10 @@ export function defineRoutes({ logger, router }: { logger: Logger; router: IRout
       path: APIRoutes.SYNONYM_SET_ID_RULE_ID,
       options: {
         access: 'internal',
-        tags: ['synonyms:write', 'synonyms:read'],
       },
       security: {
         authz: {
-          requiredPrivileges: ['synonyms:write', 'synonyms:read'],
+          requiredPrivileges: ['manage_synonyms'],
         },
       },
       validate: {

x-pack/test/ui_capabilities/security_and_spaces/tests/nav_links.ts

@@ -67,6 +67,7 @@ export default function navLinksTests({ getService }: FtrProviderContext) {
                 'enterpriseSearchApplications',
                 'enterpriseSearchAnalytics',
                 'searchPlayground',
+                'searchSynonyms',
                 'searchInferenceEndpoints',
                 'guidedOnboardingFeature',
                 'securitySolutionAssistant',