From 7242c43beec98748782283f2f7a35028c3965032 Mon Sep 17 00:00:00 2001
From: Sergi Massaneda <sergi.massaneda@elastic.co>
Date: Tue, 21 Jan 2025 15:50:53 +0100
Subject: [PATCH] [Security Solution] Fix old siem feature override (#207333)

## Summary

Adds the feature override for the old `siem` feature as well, we changed
that to the new one here

https://github.com/elastic/kibana/pull/201780/files#diff-5aba630e58630c087c90368aa97296afb736f62579a23285cef901dc1c3921edR27

Related failure: https://github.com/elastic/kibana/issues/207285

The problem happened because MKI tests are using the outdated roles
definition with the old `feature_siem` which was lacking the feature
override in the serverless.security.yml

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
(cherry picked from commit 9077414852f86a70aba5259e9f62d12a53a63090)
---
 config/serverless.security.yml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/config/serverless.security.yml b/config/serverless.security.yml
index 81bed96ab3807..705e85063fa51 100644
--- a/config/serverless.security.yml
+++ b/config/serverless.security.yml
@@ -48,6 +48,33 @@ xpack.features.overrides:
         - feature: "maps"
           privileges: [ "read" ]
 
+  ### Security's feature privileges are fine-tuned to grant access to Discover, Dashboard, Maps, and Visualize apps.
+  siem:
+    privileges:
+      ### Security's `All` feature privilege should implicitly grant `All` access to Discover, Dashboard, Maps, and
+      ### Visualize features.
+      all.composedOf:
+        - feature: "discover"
+          privileges: [ "all" ]
+        - feature: "dashboard"
+          privileges: [ "all" ]
+        - feature: "visualize"
+          privileges: [ "all" ]
+        - feature: "maps"
+          privileges: [ "all" ]
+      # Security's `Read` feature privilege should implicitly grant `Read` access to Discover, Dashboard, Maps, and
+      # Visualize features. Additionally, it should implicitly grant privilege to create short URLs in Discover,
+      ### Dashboard, and Visualize apps.
+      read.composedOf:
+        - feature: "discover"
+          privileges: [ "read" ]
+        - feature: "dashboard"
+          privileges: [ "read" ]
+        - feature: "visualize"
+          privileges: [ "read" ]
+        - feature: "maps"
+          privileges: [ "read" ]
+
 ## Cloud settings
 xpack.cloud.serverless.project_type: security