Access to specific kibana dashboards

Hi all,

As a completely newbie here, I am going to ask you a question which you
might find find naive (or stupid!). I have a scenario where I would like to
restrict access from specific locations (say, IP addresses) to access
'specific' dashboards in Kibana. As far as I know that Apache level
access is based on relative static path/url, it won’t know detail how
kibana works. Is there any way/suggestion to control which users can load
which dashboards? Or may be I'm wrong, there is a way to do that. Your
suggestions would be really helpful. I am using Kibana 3 and I am not in a
position to use Shield.

Cheers!
Ruby

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/cc652358-4d42-4263-9238-a76f42de5dad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

You could do this with apache/nginx ACLs as KB3 simply loads a path, either
a file from the server's FS or from ES.

If you load it up you will see it in the URL.

On 16 April 2015 at 21:58, Rubaiyat Islam Sadat <
rubaiyatislam.sadat@gmail.com> wrote:

Hi all,

As a completely newbie here, I am going to ask you a question which you
might find find naive (or stupid!). I have a scenario where I would like to
restrict access from specific locations (say, IP addresses) to access
'specific' dashboards in Kibana. As far as I know that Apache level
access is based on relative static path/url, it won’t know detail how
kibana works. Is there any way/suggestion to control which users can load
which dashboards? Or may be I'm wrong, there is a way to do that. Your
suggestions would be really helpful. I am using Kibana 3 and I am not in a
position to use Shield.

Cheers!
Ruby

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/cc652358-4d42-4263-9238-a76f42de5dad%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/cc652358-4d42-4263-9238-a76f42de5dad%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEYi1X-YUiseERc6XxpSdP56aw9KUsZPyGPH9JH9g4spqD0Z_g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Thanks Mark for your kind reply. Would you a be bit more specific as I am a
newbie? I am sorry if I had not been clear enough what I want to achieve.
As far as I know that Apache level access is based on relative static
path/url, it won’t know detail how kibana works. I would like to restrict
access to 'some' of the kibana dashboards, not all. Is it possible to
achieve by configuring on the Kibana side? If on the apache side, do I have
restrict the specific URLs of the Kibana dashboard to the specific group of
people, e.g. as follows.

<Location /someDir>
Order deny,allow
deny from all
allow from 192.168.
allow from 104.113.

  <Location /anotherDir>
            Order deny,allow
            deny from all
            allow from 192.168.
            allow from 104.113.
  </Location>

In this case, for example, if I want to restrict an URL like
http://myESHost:9200/_plugin/kopf/#/!/cluster, what do I have to put after
<Location /???>. Sorry if I have asked a very naive question.

Thanks again for your time.

Cheers!
Ruby

On Friday, April 17, 2015 at 12:23:50 AM UTC+2, Mark Walkom wrote:

You could do this with apache/nginx ACLs as KB3 simply loads a path,
either a file from the server's FS or from ES.

If you load it up you will see it in the URL.

On 16 April 2015 at 21:58, Rubaiyat Islam Sadat <rubaiyati...@gmail.com
<javascript:>> wrote:

Hi all,

As a completely newbie here, I am going to ask you a question which you
might find find naive (or stupid!). I have a scenario where I would like to
restrict access from specific locations (say, IP addresses) to access
'specific' dashboards in Kibana. As far as I know that Apache level
access is based on relative static path/url, it won’t know detail how
kibana works. Is there any way/suggestion to control which users can load
which dashboards? Or may be I'm wrong, there is a way to do that. Your
suggestions would be really helpful. I am using Kibana 3 and I am not in a
position to use Shield.

Cheers!
Ruby

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/cc652358-4d42-4263-9238-a76f42de5dad%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/cc652358-4d42-4263-9238-a76f42de5dad%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/3ca9c8e6-4861-46dc-9b34-b64931b46869%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

If you load kibana up you will see it gives you URLs like
..../dashboard/file/default.json or
..../dashboard/elasticsearch/dashboardname.json.

Using those paths you can then limit access.

On 17 April 2015 at 15:54, Rubaiyat Islam Sadat <
rubaiyatislam.sadat@gmail.com> wrote:

Thanks Mark for your kind reply. Would you a be bit more specific as I am
a newbie? I am sorry if I had not been clear enough what I want to achieve.
As far as I know that Apache level access is based on relative static
path/url, it won’t know detail how kibana works. I would like to restrict
access to 'some' of the kibana dashboards, not all. Is it possible to
achieve by configuring on the Kibana side? If on the apache side, do I have
restrict the specific URLs of the Kibana dashboard to the specific group of
people, e.g. as follows.

<Location /someDir>
Order deny,allow
deny from all
allow from 192.168.
allow from 104.113.

  <Location /anotherDir>
            Order deny,allow
            deny from all
            allow from 192.168.
            allow from 104.113.
  </Location>

In this case, for example, if I want to restrict an URL like
http://myESHost:9200/_plugin/kopf/#/!/cluster, what do I have to put
after <Location /???>. Sorry if I have asked a very naive question.

Thanks again for your time.

Cheers!
Ruby

On Friday, April 17, 2015 at 12:23:50 AM UTC+2, Mark Walkom wrote:

You could do this with apache/nginx ACLs as KB3 simply loads a path,
either a file from the server's FS or from ES.

If you load it up you will see it in the URL.

On 16 April 2015 at 21:58, Rubaiyat Islam Sadat rubaiyati...@gmail.com
wrote:

Hi all,

As a completely newbie here, I am going to ask you a question which you
might find find naive (or stupid!). I have a scenario where I would like to
restrict access from specific locations (say, IP addresses) to access
'specific' dashboards in Kibana. As far as I know that Apache level
access is based on relative static path/url, it won’t know detail how
kibana works. Is there any way/suggestion to control which users can load
which dashboards? Or may be I'm wrong, there is a way to do that. Your
suggestions would be really helpful. I am using Kibana 3 and I am not in a
position to use Shield.

Cheers!
Ruby

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/cc652358-4d42-4263-9238-a76f42de5dad%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/cc652358-4d42-4263-9238-a76f42de5dad%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/3ca9c8e6-4861-46dc-9b34-b64931b46869%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/3ca9c8e6-4861-46dc-9b34-b64931b46869%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEYi1X-5YuUGyX_3arOi1Cqg9%3D-MnwAcso3BTScL1tG5Qan%2BMw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Hi Mark,

Thanks mate. I have marked it as complete and will try this solution.

On Sunday, April 19, 2015 at 4:44:34 AM UTC+2, Mark Walkom wrote:

If you load kibana up you will see it gives you URLs like
..../dashboard/file/default.json or
..../dashboard/elasticsearch/dashboardname.json.

Using those paths you can then limit access.

On 17 April 2015 at 15:54, Rubaiyat Islam Sadat <rubaiyati...@gmail.com
<javascript:>> wrote:

Thanks Mark for your kind reply. Would you a be bit more specific as I am
a newbie? I am sorry if I had not been clear enough what I want to achieve.
As far as I know that Apache level access is based on relative static
path/url, it won’t know detail how kibana works. I would like to restrict
access to 'some' of the kibana dashboards, not all. Is it possible to
achieve by configuring on the Kibana side? If on the apache side, do I have
restrict the specific URLs of the Kibana dashboard to the specific group of
people, e.g. as follows.

<Location /someDir>
Order deny,allow
deny from all
allow from 192.168.
allow from 104.113.

  <Location /anotherDir>
            Order deny,allow
            deny from all
            allow from 192.168.
            allow from 104.113.
  </Location>

In this case, for example, if I want to restrict an URL like
http://myESHost:9200/_plugin/kopf/#/!/cluster, what do I have to put
after <Location /???>. Sorry if I have asked a very naive question.

Thanks again for your time.

Cheers!
Ruby

On Friday, April 17, 2015 at 12:23:50 AM UTC+2, Mark Walkom wrote:

You could do this with apache/nginx ACLs as KB3 simply loads a path,
either a file from the server's FS or from ES.

If you load it up you will see it in the URL.

On 16 April 2015 at 21:58, Rubaiyat Islam Sadat rubaiyati...@gmail.com
wrote:

Hi all,

As a completely newbie here, I am going to ask you a question which you
might find find naive (or stupid!). I have a scenario where I would like to
restrict access from specific locations (say, IP addresses) to access
'specific' dashboards in Kibana. As far as I know that Apache level
access is based on relative static path/url, it won’t know detail how
kibana works. Is there any way/suggestion to control which users can load
which dashboards? Or may be I'm wrong, there is a way to do that. Your
suggestions would be really helpful. I am using Kibana 3 and I am not in a
position to use Shield.

Cheers!
Ruby

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/cc652358-4d42-4263-9238-a76f42de5dad%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/cc652358-4d42-4263-9238-a76f42de5dad%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/3ca9c8e6-4861-46dc-9b34-b64931b46869%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/3ca9c8e6-4861-46dc-9b34-b64931b46869%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/67a39f7b-fdc5-4d54-8b9a-2b900c6e1883%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.