- Welcome to Elastic serverless
- Elasticsearch
- Serverless differences
- Elasticsearch billing dimensions
- Get started
- Connect to your endpoint
- Client libraries
- Get started with the serverless Go client
- Get started with the serverless Java client
- Get started with the serverless .NET client
- Get started with the serverless Node.js client
- Get started with the serverless PHP client
- Get started with the serverless Python client
- Get started with the serverless Ruby client
- REST APIs
- Developer tools
- Ingest your data
- Search your data
- Explore your data
- Playground
- Elastic Observability
- Get started
- Applications and services
- Application performance monitoring (APM)
- Get started with traces and APM
- Send APM data to Elastic
- View and analyze traces
- APM data types
- Distributed tracing
- Reduce your data usage
- Keep APM data secure
- Troubleshooting
- Reference
- Synthetic monitoring
- Get started
- Scripting browser monitors
- Configure lightweight monitors
- Manage monitors
- Work with params and secrets
- Analyze monitor data
- Monitor resources on private networks
- Use the CLI
- Configure a Synthetics project
- Multifactor Authentication for browser monitors
- Configure Synthetics settings
- Grant users access to secured resources
- Manage data retention
- Scale and architect a deployment
- Synthetics Encryption and Security
- Troubleshooting
- Application performance monitoring (APM)
- Infrastructure and hosts
- Logs
- Inventory
- Incident management
- Data set quality
- Observability AI Assistant
- Machine learning
- Reference
- Limitations
- Elastic Security
- Elastic Security overview
- Security billing dimensions
- Create a Security project
- Elastic Security requirements
- Elastic Security UI
- AI for Security
- Ingest data
- Configure endpoint protection with Elastic Defend
- Manage Elastic Defend
- Endpoint response actions
- Secure cloud native resources
- Explore your data
- Dashboards
- Detection engine overview
- Rules
- Alerts
- Advanced Entity Analytics
- Investigation tools
- Asset management
- Manage settings
- Troubleshooting
- Dev tools
- Project and management settings
Assign user roles and privileges
editAssign user roles and privileges
editWithin an organization, users can have one or more roles and each role grants specific privileges.
You must assign user roles when you invite users to join your organization. To subsequently edit the roles assigned to a user:
- Go to the user icon on the header bar and select Organization.
- Find the user on the Members tab of the Organization page. Click the member name to view and edit its roles.
Organization-level roles
edit- Organization owner. Can manage all roles under the organization and has full access to all serverless projects, organization-level details, billing details, and subscription levels. This role is assigned by default to the person who created the organization.
- Billing admin. Has access to all invoices and payment methods. Can make subscription changes.
Instance access roles
editEach serverless project type has a set of predefined roles that you can assign to your organization members. You can assign the predefined roles:
- globally, for all projects of the same type (Elasticsearch Serverless, Elastic Observability Serverless, or Elastic Security). In this case, the role will also apply to new projects created later.
- individually, for specific projects only. To do that, you have to set the Role for all field of that specific project type to None.
For example, you can assign a user the developer role for a specific Elasticsearch Serverless project:
You can also optionally create custom roles in a project. To assign a custom role to users, go to "Instance access roles" and select it from the list under the specific project it was created in.
Elasticsearch
edit- Admin. Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges.
- Developer. Creates API keys, indices, data streams, adds connectors, and builds visualizations.
- Viewer. Has read-only access to project details, data, and features.
Elastic Observability Serverless
edit- Admin. Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges.
- Editor. Configures all Observability projects. Has read-only access to data indices. Has full access to all project features.
- Viewer. Has read-only access to project details, data, and features.
Elastic Security
edit- Admin. Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges.
- Editor. Configures all Security projects. Has read-only access to data indices. Has full access to all project features.
- Viewer. Has read-only access to project details, data, and features.
- Tier 1 analyst. Ideal for initial alert triage. General read access, can create dashboards and visualizations.
- Tier 2 analyst. Ideal for alert triage and beginning the investigation process. Can create cases.
- Tier 3 analyst. Deeper investigation capabilities. Access to rules, lists, cases, Osquery, and response actions.
- Threat intelligence analyst. Access to alerts, investigation tools, and intelligence pages.
- Rule author. Access to detection engineering and rule creation. Can create rules from available data sources and add exceptions to reduce false positives.
- SOC manager. Access to alerts, cases, investigation tools, endpoint policy management, and response actions.
- Endpoint operations analyst. Access to endpoint response actions. Can manage endpoint policies, Fleet, and integrations.
- Platform engineer. Access to Fleet, integrations, endpoints, and detection content.
- Detections admin. All available detection engine permissions to include creating rule actions, such as notifications to third-party systems.
- Endpoint policy manager. Access to endpoint policy management and related artifacts. Can manage Fleet and integrations.
On this page
Was this helpful?
Thank you for your feedback.