diff --git a/x-pack/plugins/osquery/cypress/integration/roles/admin.spec.ts b/x-pack/plugins/osquery/cypress/integration/roles/admin.spec.ts new file mode 100644 index 0000000000000..a22177955c4ac --- /dev/null +++ b/x-pack/plugins/osquery/cypress/integration/roles/admin.spec.ts @@ -0,0 +1,27 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { login } from '../../tasks/login'; +import { navigateTo } from '../../tasks/navigation'; +import { ROLES } from '../../test'; +import { checkResults, inputQuery, selectAllAgents, submitQuery } from '../../tasks/live_query'; + +describe('Admin', () => { + beforeEach(() => { + login(ROLES.admin); + navigateTo('/app/osquery'); + }); + + it('should be able to run live query with BASE All permissions', () => { + cy.contains('New live query').click(); + selectAllAgents(); + inputQuery('select * from uptime; '); + cy.wait(500); + submitQuery(); + checkResults(); + }); +}); diff --git a/x-pack/plugins/osquery/cypress/test/index.ts b/x-pack/plugins/osquery/cypress/test/index.ts index 11cca6c93c553..48905420f9d3d 100644 --- a/x-pack/plugins/osquery/cypress/test/index.ts +++ b/x-pack/plugins/osquery/cypress/test/index.ts @@ -15,5 +15,6 @@ export enum ROLES { rule_author = 'rule_author', platform_engineer = 'platform_engineer', detections_admin = 'detections_admin', + admin = 'admin', // base: ['all'] alert_test = 'alert_test', } diff --git a/x-pack/plugins/osquery/scripts/roles_users/admin/delete_user.sh b/x-pack/plugins/osquery/scripts/roles_users/admin/delete_user.sh new file mode 100755 index 0000000000000..9a26b09cf20b1 --- /dev/null +++ b/x-pack/plugins/osquery/scripts/roles_users/admin/delete_user.sh 
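Review bot: The new admin.spec.ts asserts only the positive case, that a user with `base: ['all']` can run a live query, while the plugin.ts hunk in this commit removes `excludeFromBasePrivileges: true` and so changes what every role holding a base privilege receives. A companion spec for a role with only base `read`, checking that submitting a live query is refused or unavailable, would pin the boundary this commit moves; whether `read` maps only to the `-read` API tag cannot be confirmed here because the privileges block continues outside that hunk. Separately, `cy.wait(500);` before `submitQuery()` is a fixed delay, and waiting on the condition it stands for (for example that the editor shows the typed query) would be less flaky.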
@@ -0,0 +1,11 @@
+
+#
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License
+# 2.0; you may not use this file except in compliance with the Elastic License
+# 2.0.
+#
+
+curl -v -H 'Content-Type: application/json' -H 'kbn-xsrf: 123'\
+ -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \
+-XDELETE ${ELASTICSEARCH_URL}/_security/user/admin
diff --git a/x-pack/plugins/osquery/scripts/roles_users/admin/get_role.sh b/x-pack/plugins/osquery/scripts/roles_users/admin/get_role.sh
new file mode 100755
index 0000000000000..10dc481194e5c
--- /dev/null
+++ b/x-pack/plugins/osquery/scripts/roles_users/admin/get_role.sh
@@ -0,0 +1,11 @@
+
+#
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License
+# 2.0; you may not use this file except in compliance with the Elastic License
+# 2.0.
+#
+
+curl -H 'Content-Type: application/json' -H 'kbn-xsrf: 123'\
+ -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \
+-XGET ${KIBANA_URL}/api/security/role/admin | jq -S .
diff --git a/x-pack/plugins/osquery/scripts/roles_users/admin/index.ts b/x-pack/plugins/osquery/scripts/roles_users/admin/index.ts
new file mode 100644
index 0000000000000..783937d100fe2
--- /dev/null
+++ b/x-pack/plugins/osquery/scripts/roles_users/admin/index.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as adminUser from './user.json';
+import * as adminRole from './role.json';
+
+export { adminUser, adminRole };
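Review bot: In delete_user.sh, `curl -v` together with `-u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}` typically prints the outgoing request headers, including the Basic Authorization header, to stderr, so the credentials can land base64-encoded in any captured CI log; the sibling get_role.sh already omits `-v`, and dropping it here avoids that. The expansions are also unquoted in both scripts, so a password or URL containing spaces or glob characters is word-split by the shell; `-u "${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"` and `"${ELASTICSEARCH_URL}/_security/user/admin"` are safer. Neither script has a shebang line or checks that the variables are set, so an empty `${ELASTICSEARCH_URL}` would send the request to a bare path; a guard such as `: "${ELASTICSEARCH_URL:?must be set}"` at the top would fail early.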
diff --git a/x-pack/plugins/osquery/scripts/roles_users/admin/post_role.sh b/x-pack/plugins/osquery/scripts/roles_users/admin/post_role.sh
new file mode 100755
index 0000000000000..b31a836fc677c
--- /dev/null
+++ b/x-pack/plugins/osquery/scripts/roles_users/admin/post_role.sh
@@ -0,0 +1,14 @@
+
+#
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License
+# 2.0; you may not use this file except in compliance with the Elastic License
+# 2.0.
+#
+
+ROLE_CONFIG=(${@:-./detections_role.json})
+
+curl -H 'Content-Type: application/json' -H 'kbn-xsrf: 123'\
+ -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \
+-XPUT ${KIBANA_URL}/api/security/role/admin \
+-d @${ROLE_CONFIG}
diff --git a/x-pack/plugins/osquery/scripts/roles_users/admin/post_user.sh b/x-pack/plugins/osquery/scripts/roles_users/admin/post_user.sh
new file mode 100755
index 0000000000000..e19e71fc601b3
--- /dev/null
+++ b/x-pack/plugins/osquery/scripts/roles_users/admin/post_user.sh
@@ -0,0 +1,14 @@
+
+#
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License
+# 2.0; you may not use this file except in compliance with the Elastic License
+# 2.0.
+#
+
+USER=(${@:-./detections_user.json})
+
+curl -H 'Content-Type: application/json' -H 'kbn-xsrf: 123'\
+ -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \
+ ${ELASTICSEARCH_URL}/_security/user/admin \
+-d @${USER}
diff --git a/x-pack/plugins/osquery/scripts/roles_users/admin/role.json b/x-pack/plugins/osquery/scripts/roles_users/admin/role.json
new file mode 100644
index 0000000000000..e8cd245fda341
--- /dev/null
+++ b/x-pack/plugins/osquery/scripts/roles_users/admin/role.json
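Review bot: The default in post_role.sh, `ROLE_CONFIG=(${@:-./detections_role.json})`, names a file this commit does not add to the admin directory; the fixture added beside it is `role.json`, so running the script with no argument makes curl fail to read the body, or posts some unrelated role definition if a file of that name happens to sit in the working directory. post_user.sh has the same mismatch with `./detections_user.json` versus `user.json`, and it assigns to `USER`, which overrides the shell's own login-name variable for the rest of the script. Suggested: `ROLE_CONFIG="${1:-./role.json}"` with `-d @"${ROLE_CONFIG}"`, and in post_user.sh `USER_CONFIG="${1:-./user.json}"` with `-d @"${USER_CONFIG}"`. The array form also silently ignores every argument after the first, since `${ROLE_CONFIG}` expands only to element zero.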
@@ -0,0 +1,17 @@ +{ + "elasticsearch": { + "indices": [ + { + "names": ["logs-osquery_manager*"], + "privileges": ["read"] + } + ] + }, + "kibana": [ + { + "base": ["all"], + "spaces": ["*"] + } + ] +} + diff --git a/x-pack/plugins/osquery/scripts/roles_users/admin/user.json b/x-pack/plugins/osquery/scripts/roles_users/admin/user.json new file mode 100644 index 0000000000000..60e2dccc8be70 --- /dev/null +++ b/x-pack/plugins/osquery/scripts/roles_users/admin/user.json @@ -0,0 +1,6 @@ +{ + "password": "changeme", + "roles": ["admin"], + "full_name": "Admin", + "email": "osquery@example.com" +} diff --git a/x-pack/plugins/osquery/server/plugin.ts b/x-pack/plugins/osquery/server/plugin.ts index 6f0cf824684e7..93646ab40137e 100644 --- a/x-pack/plugins/osquery/server/plugin.ts +++ b/x-pack/plugins/osquery/server/plugin.ts @@ -45,7 +45,6 @@ const registerFeatures = (features: SetupPlugins['features']) => { app: [PLUGIN_ID, 'kibana'], catalogue: [PLUGIN_ID], order: 2300, - excludeFromBasePrivileges: true, privileges: { all: { api: [`${PLUGIN_ID}-read`, `${PLUGIN_ID}-write`], diff --git a/x-pack/test/ui_capabilities/security_and_spaces/tests/catalogue.ts b/x-pack/test/ui_capabilities/security_and_spaces/tests/catalogue.ts index 4c6f4fce0b5b6..bff67c0e3d5bc 100644 --- a/x-pack/test/ui_capabilities/security_and_spaces/tests/catalogue.ts +++ b/x-pack/test/ui_capabilities/security_and_spaces/tests/catalogue.ts @@ -50,9 +50,7 @@ export default function catalogueTests({ getService }: FtrProviderContext) { const expected = mapValues( uiCapabilities.value!.catalogue, (enabled, catalogueId) => - catalogueId !== 'monitoring' && - catalogueId !== 'osquery' && - !esFeatureExceptions.includes(catalogueId) + catalogueId !== 'monitoring' && !esFeatureExceptions.includes(catalogueId) ); expect(uiCapabilities.value!.catalogue).to.eql(expected); break; 
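Review bot: user.json hard-codes `"password": "changeme"` for the account that post_user.sh creates at `/_security/user/admin`, and role.json gives that account's role Kibana `base: ["all"]` on `spaces: ["*"]`, so anyone who runs the scripts against a reachable cluster leaves a broadly privileged login with a well-known password behind. If these fixtures are only ever loaded into throwaway test clusters this is acceptable, but nothing in the added files says so. JSON cannot carry a comment, so the header of post_user.sh is the place to record it, for example `# Test fixture only: creates user 'admin' with a well-known password; do not run against a shared or production cluster`. Reading the password from an environment variable at post time, rather than from the committed file, would remove the fixed credential altogether.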
@@ -69,7 +67,6 @@ export default function catalogueTests({ getService }: FtrProviderContext) { 'appSearch', 'workplaceSearch', 'spaces', - 'osquery', ...esFeatureExceptions, ]; const expected = mapValues( @@ -94,7 +91,6 @@ export default function catalogueTests({ getService }: FtrProviderContext) { 'appSearch', 'workplaceSearch', 'spaces', - 'osquery', ...esFeatureExceptions, ]; const expected = mapValues( diff --git a/x-pack/test/ui_capabilities/security_and_spaces/tests/nav_links.ts b/x-pack/test/ui_capabilities/security_and_spaces/tests/nav_links.ts index bd990e7434fc8..74f1150965c5e 100644 --- a/x-pack/test/ui_capabilities/security_and_spaces/tests/nav_links.ts +++ b/x-pack/test/ui_capabilities/security_and_spaces/tests/nav_links.ts @@ -41,9 +41,7 @@ export default function navLinksTests({ getService }: FtrProviderContext) { case 'dual_privileges_all at everything_space': expect(uiCapabilities.success).to.be(true); expect(uiCapabilities.value).to.have.property('navLinks'); - expect(uiCapabilities.value!.navLinks).to.eql( - navLinksBuilder.except('monitoring', 'osquery') - ); + expect(uiCapabilities.value!.navLinks).to.eql(navLinksBuilder.except('monitoring')); break; case 'everything_space_all at everything_space': case 'global_read at everything_space': @@ -57,8 +55,7 @@ export default function navLinksTests({ getService }: FtrProviderContext) { 'enterpriseSearch', 'enterpriseSearchContent', 'appSearch', - 'workplaceSearch', - 'osquery' + 'workplaceSearch' ) ); break;