CSPM privilege requirements
Serverless Security Stack
This page lists required privileges for Elastic Security's CSPM features. There are three access levels: read, write, and manage. Each access level and its requirements are described next on this page.
Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard.
Read privileges for the following Elasticsearch indices:
logs-cloud_security_posture.findings_latest-*logs-cloud_security_posture.scores-*-
Stack
Serverless
security_solution-cloud_security_posture.misconfiguration_latest*
Security: Read
Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, and enable or disable benchmark rules.
Read privileges for the following Elasticsearch indices:
logs-cloud_security_posture.findings_latest-*logs-cloud_security_posture.scores-*-
Stack
Serverless
security_solution-cloud_security_posture.misconfiguration_latest*
Security: All
Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, enable or disable benchmark rules, and install, update, or uninstall CSPM integrations and assets.
Read privileges for the following Elasticsearch indices:
logs-cloud_security_posture.findings_latest-*logs-cloud_security_posture.scores-*-
Stack
Serverless
security_solution-cloud_security_posture.misconfiguration_latest*
Security: AllSpaces: AllFleet: AllIntegrations: All