Commit d1f956d

Replaces all links to point to the deduplicated/reconciled roles page (#2794)
The Elasticsearch [Built-in roles page in the Deploy and manage section](https://www.elastic.co/docs/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles) is being replaced with its [counterpart in the Reference section](https://www.elastic.co/docs/reference/elasticsearch/roles). This PR replaces all links from within the narrative docs to the correct (deduplicated and reconciled) page. Relates to #2738 and [#133831](elastic/elasticsearch#133831)
1 parent 28a4b50 commit d1f956d

32 files changed: +42 -42 lines changed

deploy-manage/manage-spaces.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -82,7 +82,7 @@ To create a space:
8282
3. If you selected the **Classic** solution view, you can customize the **Feature visibility** as you need it to be for that space.
8383

8484
:::{note}
85-
Even when disabled in this menu, some Management features can remain visible to some users depending on their privileges. Additionally, controlling feature visibility is not a security feature. To secure access to specific features on a per-user basis, you must configure [{{kib}} Security](/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md).
85+
Even when disabled in this menu, some Management features can remain visible to some users depending on their privileges. Additionally, controlling feature visibility is not a security feature. To secure access to specific features on a per-user basis, you must configure [{{kib}} Security](elasticsearch://reference/elasticsearch/roles.md).
8686
:::
8787

8888
4. Customize the avatar of the space to your liking.
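
Review bot: On changed line 85, the link text `{{kib}} Security` now resolves to the Elasticsearch roles reference, so the label and the target no longer describe the same thing. The sentence is about restricting feature access per user, which is done through roles and their {{kib}} privileges; consider rewording the link text to match the roles page, or pointing it at the {{kib}} privileges page (`/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md`, which other files in this commit already link to). The note tells readers that feature visibility is not a security control, so the link should land them on the control that actually is one.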

deploy-manage/monitor/stack-monitoring/es-self-monitoring-prod.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -49,9 +49,9 @@ To store monitoring data in a separate cluster:
4949
::::
5050

5151

52-
* If you plan to use {{agent}}, create a user that has the `remote_monitoring_collector` [built-in role](../../../deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md#built-in-roles-remote-monitoring-agent) and that the monitoring related [integration assets have been installed](/reference/fleet/install-uninstall-integration-assets.md#install-integration-assets) on the remote monitoring cluster.
53-
* If you plan to use {{metricbeat}}, create a user that has the `remote_monitoring_collector` built-in role and a user that has the `remote_monitoring_agent` [built-in role](../../../deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md#built-in-roles-remote-monitoring-agent). Alternatively, use the `remote_monitoring_user` [built-in user](../../../deploy-manage/users-roles/cluster-or-deployment-auth/built-in-users.md).
54-
* If you plan to use HTTP exporters to route data through your production cluster, create a user that has the `remote_monitoring_agent` [built-in role](../../../deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md#built-in-roles-remote-monitoring-agent).
52+
* If you plan to use {{agent}}, create a user that has the `remote_monitoring_collector` [built-in role](elasticsearch://reference/elasticsearch/roles.md#built-in-roles-remote-monitoring-collector) and that the monitoring related [integration assets have been installed](/reference/fleet/install-uninstall-integration-assets.md#install-integration-assets) on the remote monitoring cluster.
53+
* If you plan to use {{metricbeat}}, create a user that has the `remote_monitoring_collector` built-in role and a user that has the `remote_monitoring_agent` [built-in role](elasticsearch://reference/elasticsearch/roles.md#built-in-roles-remote-monitoring-agent). Alternatively, use the `remote_monitoring_user` [built-in user](../../../deploy-manage/users-roles/cluster-or-deployment-auth/built-in-users.md).
54+
* If you plan to use HTTP exporters to route data through your production cluster, create a user that has the `remote_monitoring_agent` [built-in role](elasticsearch://reference/elasticsearch/roles.md#built-in-roles-remote-monitoring-agent).
5555

5656
For example, the following request creates a `remote_monitor` user that has the `remote_monitoring_agent` role:
5757
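
Review bot: On line 52 the anchor changes from `#built-in-roles-remote-monitoring-agent` to `#built-in-roles-remote-monitoring-collector`, which is more than the path swap the commit message describes. The new anchor matches the `remote_monitoring_collector` role named in the sentence, so the change looks correct, but please confirm the anchor exists on the reference page and mention the fix in the description. While in this block, line 53 leaves its `remote_monitoring_collector` mention unlinked, and line 52 still reads ungrammatically ("create a user that has ... and that the monitoring related integration assets have been installed"); both could be tidied in the same pass.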

deploy-manage/users-roles.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -122,7 +122,7 @@ After a user is authenticated, use role-based access control to determine whethe
122122

123123
Key tasks for managing user authorization include:
124124

125-
* Assigning [built-in roles](/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md) or [defining your own](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md)
125+
* Assigning [built-in roles](elasticsearch://reference/elasticsearch/roles.md) or [defining your own](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md)
126126
* [Mapping users and groups to roles](/deploy-manage/users-roles/cluster-or-deployment-auth/mapping-users-groups-to-roles.md)
127127
* [Setting up field- and document-level security](/deploy-manage/users-roles/cluster-or-deployment-auth/controlling-access-at-document-field-level.md)
128128

deploy-manage/users-roles/_snippets/org-vs-deploy-sso.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ The option that you choose depends on your requirements:
66
| --- | --- | --- |
77
| **Management experience** | Manage authentication and role mapping centrally for all deployments in the organization | Configure SSO for each deployment individually |
88
| **Authentication protocols** | SAML only | Multiple protocols, including LDAP, OIDC, and SAML |
9-
| **Role mapping** | [Organization-level roles and cloud resource access roles](../../../deploy-manage/users-roles/cloud-organization/user-roles.md), Serverless project [custom roles](/deploy-manage/users-roles/serverless-custom-roles.md) | [Built-in](../../../deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md) and [custom](../../../deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md) stack-level roles |
9+
| **Role mapping** | [Organization-level roles and cloud resource access roles](../../../deploy-manage/users-roles/cloud-organization/user-roles.md), Serverless project [custom roles](/deploy-manage/users-roles/serverless-custom-roles.md) | [Built-in](elasticsearch://reference/elasticsearch/roles.md) and [custom](../../../deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md) stack-level roles |
1010
| **User experience** | Users interact with Cloud | Users interact with the deployment directly |
1111

1212
If you want to avoid exposing users to the {{ecloud}} Console, or have users who only interact with some deployments, then you might prefer users to interact with your deployment directly.

deploy-manage/users-roles/cloud-organization/user-roles.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,7 @@ For {{ech}} deployments, the following predefined roles are available:
7474
There are two ways for a user to access {{kib}} instances of an {{ech}} deployment:
7575

7676
* [Directly with {{es}} credentials](/deploy-manage/users-roles/cluster-or-deployment-auth.md). In this case, users and their roles are managed directly in {{kib}}. Users in this case don’t need to be members of the {{ecloud}} organization to access the deployment. Note that if you have several deployments, you need to manage users for each of them, individually.
77-
* Through your {{ecloud}} organization. In this case, users who are members of your organization log in to {{ecloud}} and can open the deployments they have access to. Their access level is determined by the roles assigned to them from the **Organization** page. {{ecloud}} roles are mapped to [{{stack}} roles](/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md) on a per-deployment level. When logging in to a specific deployment, users get the stack role that maps to their {{ecloud}} role for that particular deployment.
77+
* Through your {{ecloud}} organization. In this case, users who are members of your organization log in to {{ecloud}} and can open the deployments they have access to. Their access level is determined by the roles assigned to them from the **Organization** page. {{ecloud}} roles are mapped to [{{stack}} roles](elasticsearch://reference/elasticsearch/roles.md) on a per-deployment level. When logging in to a specific deployment, users get the stack role that maps to their {{ecloud}} role for that particular deployment.
7878

7979
The following table shows the default mapping:
8080

deploy-manage/users-roles/cluster-or-deployment-auth.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ After a user is authenticated, use role-based access control to determine whethe
4747
Key tasks for managing user authorization include:
4848

4949
* [Defining roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md)
50-
* Assigning [built-in roles](/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md) or your own roles to users
50+
* Assigning [built-in roles](elasticsearch://reference/elasticsearch/roles.md) or your own roles to users
5151
* Creating [mappings of users and groups to roles](/deploy-manage/users-roles/cluster-or-deployment-auth/mapping-users-groups-to-roles.md) for external authentication providers
5252
* [Setting up field- and document-level security](/deploy-manage/users-roles/cluster-or-deployment-auth/controlling-access-at-document-field-level.md)
5353

deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -107,7 +107,7 @@ $$$built-in-roles-ml-user$$$ `machine_learning_user`
107107
: Grants the minimum privileges required to view {{ml}} configuration, status, and work with results. This role grants `monitor_ml` cluster privileges, read access to the `.ml-notifications` and `.ml-anomalies*` indices (which store {{ml}} results), and write access to `.ml-annotations*` indices. {{ml-cap}} users also need index privileges for source and destination indices and roles that grant access to {{kib}}. See [{{ml-cap}} security privileges](../../../explore-analyze/machine-learning/setting-up-machine-learning.md#setup-privileges).
108108

109109
$$$built-in-roles-monitoring-user$$$ `monitoring_user`
110-
: Grants the minimum privileges required for any user of {{monitoring}} other than those required to use {{kib}}. This role grants access to the monitoring indices and grants privileges necessary for reading basic cluster information. This role also includes all [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md) for the {{stack-monitor-features}}. Monitoring users should also be assigned the `kibana_admin` role, or another role with [access to the {{kib}} instance](../../../deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md).
110+
: Grants the minimum privileges required for any user of {{monitoring}} other than those required to use {{kib}}. This role grants access to the monitoring indices and grants privileges necessary for reading basic cluster information. This role also includes all [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md) for the {{stack-monitor-features}}. Monitoring users should also be assigned the `kibana_admin` role, or another role with [access to the {{kib}} instance](elasticsearch://reference/elasticsearch/roles.md).
111111

112112
$$$built-in-roles-remote-monitoring-agent$$$ `remote_monitoring_agent`
113113
: Grants the minimum privileges required to write data into the monitoring indices (`.monitoring-*`). This role also has the privileges necessary to create {{metricbeat}} indices (`metricbeat-*`) and write data into them.
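
Review bot: This file is the page the commit message says is being replaced, so the edit on line 110 only has value if the page stays published for a while; if it is removed or redirected in the follow-up, this hunk can be dropped. If it stays, the link text "access to the {{kib}} instance" now lands on the top of the roles reference with no anchor, which does not tell a reader which role grants that access. Linking the text to the {{kib}} privileges page, or adding the anchor of a suitable role on the reference page, would keep the guidance for monitoring users actionable.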

deploy-manage/users-roles/cluster-or-deployment-auth/built-in-users.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ On {{ecloud}}, [operator privileges](/deploy-manage/users-roles/cluster-or-deplo
2828
The following built-in users are available:
2929

3030
`elastic`
31-
: A built-in [superuser](/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md).
31+
: A built-in [superuser](elasticsearch://reference/elasticsearch/roles.md#built-in-roles-superuser).
3232

3333
Anyone who can log in as the `elastic` user has direct read-only access to restricted indices, such as `.security`. This user also has the ability to manage security and create roles with unlimited privileges.
3434
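
Review bot: The new link on line 31 adds a `#built-in-roles-superuser` fragment that the old link did not have. It follows the `built-in-roles-<name>` anchor pattern visible on the roles page, but the target is reached through the `elasticsearch://` cross-link scheme, so please confirm the anchor resolves on the reference page. A dead fragment here would leave the `elastic` user's description without a working pointer to the role that defines its privileges.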

deploy-manage/users-roles/cluster-or-deployment-auth/mapping-users-groups-to-roles.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ The native and file realms assign roles directly to users. Native realms use [us
4040

4141
## Role sources
4242

43-
Before you use role mappings to assign roles to users, the roles must exist. You can assign [built-in roles](/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md), or [custom roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md) defined through [the UI](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md), [the API](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md#roles-management-api), or [a roles file](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md#roles-management-file).
43+
Before you use role mappings to assign roles to users, the roles must exist. You can assign [built-in roles](elasticsearch://reference/elasticsearch/roles.md), or [custom roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md) defined through [the UI](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md), [the API](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md#roles-management-api), or [a roles file](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md#roles-management-file).
4444

4545
Any role mapping method can use any role management method. For example, when you use the role mapping API, you are able to map users to both API-managed roles (added using the UI or directly using the API) and file-managed roles. The same applies to file-based role-mappings.
4646

deploy-manage/users-roles/cluster-or-deployment-auth/user-roles.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -66,7 +66,7 @@ A role has a unique name and identifies a set of permissions that translate to p
6666

6767
Review these topics to learn how to configure RBAC in your cluster or deployment:
6868

69-
* Learn about [built-in roles](/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md)
69+
* Learn about [built-in roles](elasticsearch://reference/elasticsearch/roles.md)
7070
* [Define your own roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md)
7171
* Learn about the [Elasticsearch](elasticsearch://reference/elasticsearch/security-privileges.md) and [Kibana](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md) privileges you can assign to roles
7272
* Learn how to [control access at the document and field level](/deploy-manage/users-roles/cluster-or-deployment-auth/controlling-access-at-document-field-level.md)
