Dashboard only role shows all applications in the menu

Elastic Stack Kibana
1

Hi,

I created a new role called test which has been mapped to role abc which has been created as a dedicated Dashboard group. I mapped it to AD group. This group is suppose to show only Dashboard menu in Kibana with Read privileges. Instead, it shows all apps in the menu. Any idea why? I have no issues logging in with an account that's part of this AD group. Also, this AD user is part only of this single group.
Version 7.4.2

GET _security/role_mapping/test

{
      "test" : {
        "enabled" : true,
        "roles" : [
          "abc"
        ],
        "rules" : {
          "field" : {
            "groups" : "CN=x,OU=x,OU=x,OU=x,DC=x,DC=x,DC=x,DC=x"
          }
        },
        "metadata" : { }
      }
    }

screencapture-10-231-130-188-5601-app-kibana-2019-12-12-22_21_50
screencapture-10-231-130-188-5601-app-kibana-2019-12-12-22_21_501920×1502 225 KB

screencapture-10-231-130-188-5601-app-kibana-2019-12-12-22_22_49
screencapture-10-231-130-188-5601-app-kibana-2019-12-12-22_22_491920×1621 344 KB

2019-12-12%2022_23_52-Kibana
2019-12-12%2022_23_52-Kibana779×259 15.1 KB

2

Hey @saif3r, does the user with the abc role have any other roles?

Per the docs

When you assign a user multiple roles, the user receives a union of the roles’ privileges. Therefore, assigning the kibana_user role in addition to a custom role that grants Kibana privileges is ineffective because kibana_user has access to all the features in all spaces.

3

Hello!
No, for the testing purposes i created an exclusive user with exclusive role and made sure that's the only role this user has.

4

Hey @saif3r, after logging into Kibana with the user that is supposed to only see Dashboards, do you mind running the following two queries in DevTools and posting their response?

GET _security/_authenticate

GET _security/user/_privileges

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.