I'm following this tutorial to create users with ECK: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-users-and-roles.html
The examples there specify roles with Elasticsearch capabilities only, but can I define a role that has limited access to Kibana features? I cannot use kibana_admin as that is too permissive.
For example, I need a role that has read-only access to any dashboards in Kibana (and nothing else):
Is it possible to define that kind of role with
Yes, you can create restricted roles in ECK as well. This is not an ECK-specific feature; we are just exposing the file-based role management feature of Elasticsearch here.
Restrictions on Kibana usage go into the applications section of the roles.yml file. This is just a simple example allowing access to Dashboards and Visualizations in all spaces:
- application: "kibana-.kibana"
The way I created this example is by going through the UI creating the role I wanted and then retrieving the resulting role via the API as YAML
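An added example, not part of the original posts: one way the read-only dashboard role discussed above could be packaged for ECK as a file-realm roles Secret and referenced from the Elasticsearch resource. The role name, Secret name, cluster name and the `my-data-*` index pattern are assumptions. The `feature_dashboard.read` and `feature_visualize.read` privilege names follow Kibana's feature-privilege naming and should be confirmed by exporting a role built in the UI, as the answer describes.

```yaml
# Secret holding a roles.yml for the Elasticsearch file realm.
# All names below are illustrative placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: dashboard-viewer-roles
stringData:
  roles.yml: |-
    dashboard_viewer:
      # No cluster-level privileges: the role cannot manage the cluster.
      cluster: []
      indices:
        # Dashboards render nothing unless the role can read the
        # underlying data. Scope this to the indices the dashboards
        # query (placeholder pattern).
        - names: ["my-data-*"]
          privileges: ["read", "view_index_metadata"]
      applications:
        # Kibana feature privileges go in the applications section.
        - application: "kibana-.kibana"
          privileges:
            - "feature_dashboard.read"
            - "feature_visualize.read"
          # "*" applies to all spaces; use "space:<id>" to restrict
          # the role to a single space.
          resources: ["*"]
---
# Reference the Secret from the Elasticsearch resource so ECK adds the
# role to the cluster's file-based role definitions.
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elasticsearch-sample
spec:
  # version and nodeSets omitted here; keep your existing values.
  auth:
    roles:
      - secretName: dashboard-viewer-roles
```

Assign the role to a test user and confirm in Kibana that only the intended features appear and that saving a dashboard is refused.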
Great, thank you @pebrc, it works!
Is there any piece of documentation I can read on the fields of this role definition?
E.g. what are the supported values for privileges in Kibana, what is transient_metadata and so on?