Data-level security


(Sam) #1

We're trying to use kibana to set up an end-user visualization tool. We set it up as POC with X-Pack, but we really only need the data-level security from it and won't know if xpack would be worth it for just that until we get a quote back. Is there another way we can implement data-level security such that end users will each only be able to view their own information without setting up multiple kibana instances? If this goes beyond POC, it will need to scale to thousands of users.


(Tyler Smalley) #2

For actual data level security, X-Pack is really the best option.

There is an open issue for multi-tenancy support in Kibana. Most users do as you describe and run multiple instances of Kibana. We have worked pretty hard to get the overall memory footprint of Kibana down. Outside of plugin installation, Kibana only uses ~200MB of RAM.


(Sam) #3

We did find Search Guard, which is an open-source option for security, if anyone else is looking into this.


(Jochen Kressin) #4

Search Guard does support true multi-tenancy for Kibana. This makes it possible to completely separate access to the data stored in ES on index- and document-type level, but also includes separation of saved objects like visualization and dashboards. The documentation can be found here:

http://floragunncom.github.io/search-guard-docs/multitenancy.html

For example, you can set up visualizations and dashboards per department or even per user, without the hassle of maintaining multiple Kibana instances.


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.