I'm in the process of evaluating ELK with x-pack. I have logstash inserting log data into ES and I can query ES to fetch the data using the default elastic user.
Kibana is accessing ES with a user called "kibana". This user seems to be restricted and can't be updated to add new permissions/roles in ES. In addition, I can't find a way to change the ES "kibana" user (the one the Kibana app uses to access ES) to a new user. It seems that the evaluation license may be too restrictive.
Please let me know if you have any suggestions. I'm sure I'm missing something.
A user can be linked to multiple roles, so you can create a new role that provides access to your indices and then grant this and the kibana role to the user. This allows you to give different users access to different data sets with a small number of roles.
I created a new role and tried to add it to the kibana user that is used by the "Kibana" application, but it looks like the kibana user is "reserved" and its privileges cannot be changed. I also can't find a way to change the Kibana application to use a user other than "kibana" to access ES.
Ah, the kibana_system role should not be used here. Create a new user and assign the kibana_user and erichs_admin_role to it. That should solve the problem.
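The setup suggested in the reply above, written out as an added example that is not part of the original thread: a read-only role for the log indices plus a separate login user that holds `kibana_user` and `erichs_admin_role`. The index pattern `logstash-*`, the user name `erich`, the `localhost:9200` URL, the password placeholder and the X-Pack 5.x/6.x `_xpack/security` path prefix are assumptions.

```shell
#!/bin/sh
# Added example: least-privilege role plus a separate Kibana login user.
# Assumed values (not from the thread): logstash-* index pattern, user "erich",
# ES on localhost:9200, X-Pack 5.x/6.x API prefix _xpack/security.
ES_URL="${ES_URL:-http://localhost:9200}"
API="${API:-_xpack/security}"
ROLE="erichs_admin_role"
LOGIN_USER="erich"

role_body() {
  # Read-only access to the Logstash indices; no cluster privileges granted.
  cat <<'EOF'
{"indices":[{"names":["logstash-*"],"privileges":["read","view_index_metadata"]}]}
EOF
}

user_body() {
  # $1 = password (must not contain quotes or backslashes in this simple form).
  printf '{"password":"%s","roles":["kibana_user","%s"]}\n' "$1" "$ROLE"
}

has_reserved_role() {
  # Succeeds if the body assigns a role meant for the Kibana server or a superuser.
  case "$1" in
    *'"kibana_system"'*|*'"superuser"'*) return 0 ;;
    *) return 1 ;;
  esac
}

put() {
  # $1 = API path, $2 = JSON body. Prints the request unless APPLY=1 is set.
  if [ "${APPLY:-0}" = "1" ]; then
    curl -sS -u elastic -H 'Content-Type: application/json' \
      -X PUT "$ES_URL/$API/$1" -d "$2"
  else
    printf 'PUT %s/%s\n%s\n' "$ES_URL" "$API/$1" "$2"
  fi
}

put "role/$ROLE" "$(role_body)"
body="$(user_body "${NEW_PASSWORD:-CHANGE_ME_PLACEHOLDER}")"
if has_reserved_role "$body"; then
  echo "refusing: login users should not carry server or superuser roles" >&2
  exit 1
fi
put "user/$LOGIN_USER" "$body"
```

Run as-is it only prints the two requests; with `APPLY=1` and `NEW_PASSWORD` set, curl prompts for the `elastic` password and sends them.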
Never mind. Now I just feel silly. I didn't realize I was logging into Kibana with the ES user. I assumed Kibana only had the default kibana user available as a login rather than mapping through to the ES user.