Anonymous Kibana Users

Hey @alfredo.deluca ,

Sorry, I'm not sure I completely understand what you mean. Maybe you can describe in a bit more detail what you already have, what is working, what isn't, and how exactly.

Best,
Oleg

Additionally, which roles should be used for the anonymous user? If I implement kibana_admin it shares editing features, and I am looking for a view-only role.

Yeah, kibana_admin is definitely not something you'd want to give to anonymous users. You're supposed to create a dedicated role that grants only as many privileges as needed, and it really depends on your particular use case; there is no one-size-fits-all role here.

Here is a very nice guide that can help you get started: Securing access to Kibana | Kibana Guide [8.11] | Elastic

There are also some links that you can find useful:

And in general, granting any of the built-in roles (kibana_admin, superuser, kibana_system, etc.) to the anonymous service account is a big NO-NO in most cases unless you completely understand what you're doing.

Best,
Oleg

Hi Oleg. Sorry! I will try to be more clear.
Thanks to your info I was able to see the following:
[Image: image.png]

Also, I was able to have the public URL feature when I share a dashboard.
The problem is that if we can now embed a dashboard for users in the company without a login/account for them, anyone in the world with our Kibana URL can see
[Image: image.png]

then click on Continue as Guest and see our dashboards, and I would like to avoid that; actually, management will not allow me to do so.
So I wonder if it is possible to remove the CONTINUE AS GUEST selector but still share the dashboard with the public URL and without a login/account.

Cheers

I see now, thanks. So yeah, you can hide Continue as Guest if you set the showInSelector config property of the anonymous authentication provider to false.

anyone in the world with our Kibana URL can see

But showInSelector: false just hides this option from the Login Selector UI for convenience. Anonymous access is still enabled and, as mentioned in Authentication in Kibana | Kibana Guide [8.11] | Elastic, anyone with access to the network Kibana is exposed to will technically be able to access Kibana (e.g. by using the same URL that your iframe uses). If Kibana is exposed to the Internet, then anyone in the world can use anonymous access to enter Kibana; that's why it's so crucial to properly set up roles and privileges for the anonymous service account.

If it's not something you expect then, unfortunately, anonymous access isn't what you need. The thing you'd need is Single Sign-On (SAML, OpenID Connect, whatever your users use to log in to your SharePoint website) then.

Best,
Oleg

1 Like
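
An added example for the point above about scoping the anonymous service account's roles (not part of the thread and not Elastic's code): it audits role definitions, in the shape of Kibana's role API body, for anything beyond view-only access. The function name, role names and sample definitions are assumptions constructed for illustration, and the built-in list holds only the roles named in this thread.

```python
# Added example: audit the roles granted to Kibana's anonymous service account.
# BUILT_IN lists only the built-in roles named in this thread; extend as needed.
BUILT_IN = {"kibana_admin", "superuser", "kibana_system"}
READ_ONLY_KIBANA = {"read", "minimal_read"}        # anything else is flagged for review
READ_ONLY_INDEX = {"read", "view_index_metadata"}

# Constructed sample role definitions (hypothetical names and index patterns).
SAMPLE_ROLES = {
    "anon_dashboards_ro": {
        "elasticsearch": {"cluster": [], "indices": [
            {"names": ["metrics-*"], "privileges": ["read", "view_index_metadata"]}]},
        "kibana": [{"base": [], "feature": {"dashboard": ["read"]}, "spaces": ["public"]}],
    },
    "anon_too_broad": {
        "elasticsearch": {"cluster": ["monitor"], "indices": [
            {"names": ["*"], "privileges": ["read", "write"]}]},
        "kibana": [{"base": ["all"], "feature": {}, "spaces": ["*"]}],
    },
}

def audit_anonymous_roles(assigned, role_defs):
    """Return findings for the assigned roles; an empty list means view-only."""
    findings = []
    for name in assigned:
        if name in BUILT_IN:
            findings.append(f"{name}: built-in role granted to anonymous account")
            continue
        role = role_defs.get(name)
        if role is None:
            findings.append(f"{name}: no definition supplied, cannot verify")
            continue
        es = role.get("elasticsearch", {})
        if es.get("cluster"):
            findings.append(f"{name}: cluster privileges {sorted(es['cluster'])}")
        for grant in es.get("indices", []):
            extra = set(grant.get("privileges", [])) - READ_ONLY_INDEX
            if extra:
                findings.append(f"{name}: index privileges {sorted(extra)} on {grant['names']}")
        for grant in role.get("kibana", []):
            extra = set(grant.get("base", [])) - READ_ONLY_KIBANA
            for feature, privs in grant.get("feature", {}).items():
                extra |= {f"{feature}:{p}" for p in set(privs) - READ_ONLY_KIBANA}
            if extra:
                findings.append(f"{name}: Kibana privileges {sorted(extra)}")
            if "*" in grant.get("spaces", []):
                findings.append(f"{name}: applies to all spaces")
    return findings

print(audit_anonymous_roles(["kibana_admin", "anon_too_broad"], SAMPLE_ROLES))
```
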

Thanks heaps, Oleg.
Appreciated
I will give it a try and see what they think. For now I will implement the showInSelector: false.
Cheers and I will keep you posted

Hi Oleg.
I was able to implement the anonymous user setup + not showing it on the login selector.

Of course, I am aware that it is still a public URL.
Cheers

/Alf

Thanks for the update, glad it worked out!
