Dashboard only role shows all applications in the menu

saif3r · December 12, 2019, 9:23pm

Hi,

I created a new role called test which has been mapped to role abc which has been created as a dedicated Dashboard group. I mapped it to AD group. This group is suppose to show only Dashboard menu in Kibana with Read privileges. Instead, it shows all apps in the menu. Any idea why? I have no issues logging in with an account that's part of this AD group. Also, this AD user is part only of this single group.
Version 7.4.2

GET _security/role_mapping/test

{
      "test" : {
        "enabled" : true,
        "roles" : [
          "abc"
        ],
        "rules" : {
          "field" : {
            "groups" : "CN=x,OU=x,OU=x,OU=x,DC=x,DC=x,DC=x,DC=x"
          }
        },
        "metadata" : { }
      }
    }

Brandon_Kobel · December 16, 2019, 4:50pm

Hey @saif3r, does the user with the abc role have any other roles?

Per the docs

When you assign a user multiple roles, the user receives a union of the roles’ privileges. Therefore, assigning the kibana_user role in addition to a custom role that grants Kibana privileges is ineffective because kibana_user has access to all the features in all spaces.

saif3r · December 17, 2019, 7:48am

Hello!
No, for the testing purposes i created an exclusive user with exclusive role and made sure that's the only role this user has.

Brandon_Kobel · December 17, 2019, 2:34pm

Hey @saif3r, after logging into Kibana with the user that is supposed to only see Dashboards, do you mind running the following two queries in DevTools and posting their response?

GET _security/_authenticate

GET _security/user/_privileges

system · January 14, 2020, 2:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.