From 791235f6da9e8581521ae13c1114a4c0ddb0d16f Mon Sep 17 00:00:00 2001
From: abhishekbhatia1710 <abhishek.bhatia@elastic.co>
Date: Fri, 12 Sep 2025 14:35:37 +0530
Subject: [PATCH] Code changes to add Privileged User Monitoring index in the
 Reserved roles store.

---
 .../xpack/core/security/authz/store/ReservedRolesStore.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
index dc3db9d5c88df..deb3138d895bc 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
@@ -78,6 +78,7 @@ public class ReservedRolesStore implements BiConsumer<Set<String>, ActionListene
     /** "Security Solutions" Entity Store and Asset Criticality indices for Asset Inventory and Entity Analytics */
     public static final String ENTITY_STORE_V1_LATEST_INDEX = ".entities.v1.latest.security_*";
     public static final String ASSET_CRITICALITY_INDEX = ".asset-criticality.asset-criticality-*";
+    public static final String PRIVILEGED_USER_MONITORING_INDEX = ".entity_analytics.monitoring*";
 
     /** Index pattern for Universal Profiling */
     public static final String UNIVERSAL_PROFILING_ALIASES = "profiling-*";
@@ -780,7 +781,8 @@ private static RoleDescriptor buildViewerRoleDescriptor() {
                         ReservedRolesStore.LISTS_INDEX_REINDEXED_V8,
                         ReservedRolesStore.LISTS_ITEMS_INDEX_REINDEXED_V8,
                         ReservedRolesStore.ENTITY_STORE_V1_LATEST_INDEX,
-                        ReservedRolesStore.ASSET_CRITICALITY_INDEX
+                        ReservedRolesStore.ASSET_CRITICALITY_INDEX,
+                        ReservedRolesStore.PRIVILEGED_USER_MONITORING_INDEX
                     )
                     .privileges("read", "view_index_metadata")
                     .build(),
@@ -849,7 +851,7 @@ private static RoleDescriptor buildEditorRoleDescriptor() {
                     .build(),
                 // Security - Entity Store is view only
                 RoleDescriptor.IndicesPrivileges.builder()
-                    .indices(ReservedRolesStore.ENTITY_STORE_V1_LATEST_INDEX)
+                    .indices(ReservedRolesStore.ENTITY_STORE_V1_LATEST_INDEX, ReservedRolesStore.PRIVILEGED_USER_MONITORING_INDEX)
                     .privileges("read", "view_index_metadata")
                     .build(),
                 // Alerts-as-data