Configure role based access for specific dashboards

Hello,

We are evaluating Kibana and ElasticSearch for a new project. We wish to create Dashboards to monitor issue status and activity, and it is going good so far.

But one of the key requirements we have is that specific roles should only be permitted access to few Dashboards. For example, Sales team should only be able to view Sales specific Dashboards.

We can, of course, restrict access to indices with X-Pack, but the visualizations show "No Data" instead of an access issue message. This could be misleading to the users.

So my question is, can we have role based access to Kibana Dashboards and Visualizations?
We should be able to specify which users/roles can access which Dashbords/Visualizations.

We also have some Dashboards where users should have selective access to specific visualizations according to their role. Is that possible?

Any help is much appreciated.

Hello,

This is normally achieved with Spaces. You can configure each role to be assigned to a specific space only (for example a "Sales" space) and they will only be able to see the dashboards and visualizations that are in that space.

Thanks for the reply @Marius_Dragomir.
We considered Spaces. But I understand it controls only visibility on the UI, and if I share URL of a Dashboard, others can still see it.
Is that not right?

That is for Spaces's feature control. But for saved objects, like dashboards and visualizations, they only exist in the space where they were created. For example somebody in Sales creates a dashboard in the Sales space and links to somebody that only has access to HR space, they won't be able to see it.

Okay thanks.
We are trying this out, it looks alright so far.

We also want personalized dashboard for each user, for example each user could have their own set of visualizations/saved queries/layout etc..
Now I don't think this would be a good idea to have thousands of Dashboards (saved objects) created (one dashboard for each user) to achieve this. Should we go in this way?

We are also exploring front-end hooks or plugins that we could write to apply user personalization just on the front-end client. Could you please suggest a good path to investigate this?

By default, I don't think there's any feature to allow each user's customization of their dashboards. right now. This is because there is no concept of user ownership of saved object, but this is high on the to-do list: https://github.com/elastic/kibana/issues/39259
At the same time it's a very complex undertaking so I can't offer an estimate of time for it.

Thanks for the confirmation.

This is what we are thinking -
We can store user personalizations (for example visualization colors) externally in a database.
Then we load the same Dashboard (in embedded form - iframe) for each user and apply the personalization on the front-end through a plugin. Could this be achieved?

That could be doable. You will have to change the visualization colors and other settings in the visState, but that's about it. I can't help with more specifics as this part of the code is not something I'm familiar with.

Thanks @Marius_Dragomir!
We are evaluating this now. Hopefully this should help us out.