I am new to Elasticsearch and I am stumbling around. I am following the best practice of creating separate spaces for different user groups. For example I have a space for my networking team and another for my security team. I understand how to create the roles and utilize role mappings. What I am struggling with is how to identify what Elasticsearch privileges are needed for different apps. I am not talking about Kibana privilege's.
For example, I want to allow my network team access to Observability Metrics. Currently they can see the squares representing the systems but they cannot view the data. How do I determine what permissions are needed to allow read access?
I have searched the documentation and sometimes I do find information describing what permissions are needed but not all cases. Can I use dev tools to determine what permissions an app needs so I can grant those permissions to an individual or role? Can someone give an example of that process?
You can start off my creating the spaces and assigning the users to that space via the Roles. You can then fine tune the access privileges down to what they can do and what indices they have access to and what they can perform. That usually is a good starting point.
Also the API's can provide you with a lot of needed information on your configuration.
I have created the spaces and assigned the users via roles. The issue I am having is, as I bump into access issues, I have a hard time identifying the root cause. I am still learning how to use Dev_tools and it's not intuitive to me how to create the queries. Any pointer would helpful or recommendation of a good reference. I'm finding it challenging to find what I need in the online docs. The examples don't seem to meet my use case.
I created a space and granted access to Observability Metrics. The user I am testing with can see the icons representing the systems but the CPU utilization is not showing on the icon like it is for me when I am logged in as an administrative user. Also, in the same page, if I change the view and try to save it I get a pop-up indicating a problem but there is no text in the pop-up to tell me what the issue is. I am unable to save the new view.
So, how would I use dev tools to determine what permissions are needed to allow a user to edit Observability metrics? Again, being new to Elastic I am not sure what to look at. I’ve been trying to use the application privileges api but I am not using the api properly as I am not used to building JSON quiries.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.