I integrated shield with elasticsearch.
Kibana is displaying all index list in discover page.though the logged in user is not having access to all index list.How kibana is retrieving all index from elasticsearch.Is it getting all index list by using username and password mentioned in kibana.yml file?
For Example:
I am having user "A" .He is having access to index "a".
If user "A" logs in, kibana will display all index list in discover page.How this index details are retrieving from elasticsearch by using which username and password?
At the moment, there are no view-level restrictions in Kibana, only data-level restrictions based on Elasticsearch+Shield.
So, in your scenario, when user A logs in, they will see all index pattern objects in Kibana. However, if at the Shield level they do not have permissions to modify those settings at the .kibana index level, they will not be able to change these patterns. Beware, though, that failure modes may vary until this issue is addressed: https://github.com/elastic/kibana/issues/4731
Similarly, if these users do not have access to the data in those indices, even if they see saved searches, visualizations, and dashboard objects based on those indices, they will not be able to view the data that is queried from Elasticsearch based on that configuration - so they will see empty search results, empty charts, empty dashboards.
So, in summary, your data is protected at the Shield level (assuming permissions are set correctly), even if the user sees those objects in Kibana.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.