[Request]: Privileges created using Security Solution's alerts dataview pattern #599

@rylnd

Description

What documentation page is affected

Troubleshoot Detection Rules (https://www.elastic.co/guide/en/security/current/ts-detection-rules.html)

What change would you like to see?

The broader issue with this UI creating misconfigured roles is captured here; this issue is requesting that we add a callout in our troubleshooting documentation that would allow users to diagnose/correct this situation.

As demonstrated in the inciting issue, the user would likely see a "This rule may not have the required read privileges" warning where they would otherwise not expect one, and as mentioned in the Kibana issue the solution is to "itemize" their index privileges, i.e.:

  • auditbeat-*,filebeat-*: read/write becomes:
    • auditbeat-*: read/write and
    • filebeat-*: read/write

Additional info

No response
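
An added example, not part of the original issue or Elastic's own code: a Python check that flags comma-joined index patterns in a role body and rewrites them as itemized entries. The `indices`/`names`/`privileges` fields follow the Elasticsearch role API; the sample role, and the assumption that the misconfigured entry is stored as a single comma-joined name, are constructed for illustration.

```python
import copy
import json

# Constructed role body in the shape of the Elasticsearch role API.
# Assumption: the misconfigured role stores the joined pattern as ONE name.
SAMPLE_ROLE = {
    "cluster": [],
    "indices": [
        {"names": ["auditbeat-*,filebeat-*"], "privileges": ["read", "write"]},
        {"names": ["logs-*"], "privileges": ["read"]},
    ],
}


def find_joined_patterns(role):
    """Return (entry_index, name) for every index name that contains a comma."""
    return [
        (i, name)
        for i, entry in enumerate(role.get("indices", []))
        for name in entry.get("names", [])
        if "," in name
    ]


def itemize_role(role):
    """Return a copy of the role with one indices entry per index pattern."""
    fixed = copy.deepcopy(role)
    itemized = []
    for entry in role.get("indices", []):
        for name in entry.get("names", []):
            for pattern in name.split(","):
                pattern = pattern.strip()
                if not pattern:  # ignore empty pieces left by stray commas
                    continue
                single = copy.deepcopy(entry)  # keeps privileges and other keys
                single["names"] = [pattern]
                if single not in itemized:  # avoid duplicate entries
                    itemized.append(single)
    fixed["indices"] = itemized
    return fixed


if __name__ == "__main__":
    for idx, name in find_joined_patterns(SAMPLE_ROLE):
        print(f"indices[{idx}] has a comma-joined pattern: {name!r}")
    print(json.dumps(itemize_role(SAMPLE_ROLE), indent=2))
```
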

Metadata

Labels

  • Team:Experience (Issues owned by the Experience Docs Team)
  • documentation (Improvements or additions to documentation)
