diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
index 96287843e6943..eb0c77deb86c2 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
@@ -328,6 +328,8 @@ static RoleDescriptor kibanaSystem(String name) {
                         "indices:admin/data_stream/lifecycle/put"
                     )
                     .build(),
+                // Read datasets for auto install content packages feature in Fleet
+                RoleDescriptor.IndicesPrivileges.builder().indices("logs-*", "metrics-*", "traces-*").privileges("read").build(),
                 // Endpoint specific action responses. Kibana reads and writes (for third party
                 // agents) to the index to display action responses to the user.
                 // `create_index`: is necessary in order to ensure that the DOT datastream index is
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
index 21e3d3ad0cd6c..04e0355f7a773 100644
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
@@ -1397,7 +1397,10 @@ public void testKibanaSystemRole() {
                 || indexName.startsWith(".logs-endpoint.actions-")
                 || indexName.startsWith(".logs-endpoint.action.responses-")
                 || indexName.startsWith(".logs-endpoint.heartbeat-")
-                || indexName.startsWith(".logs-osquery_manager.actions-");
+                || indexName.startsWith(".logs-osquery_manager.actions-")
+                || indexName.startsWith("logs-")
+                || indexName.startsWith("metrics-")
+                || indexName.startsWith("traces-");
             assertThat(
                 kibanaRole.indices().allowedIndicesMatcher(TransportGetAction.TYPE.name()).test(indexAbstraction),
                 is(isAlsoReadIndex)