We are building several different dashboards with information that we want to share, but there are dashboards that we want to make public to everyone, dashboards that we want to make public at an enterprise level and dashboards "only for our eyes"
So our main idea is to separate dashboards into different spaces and sort them depending on the "access level".
Our idea is to give anonymous access to both "public" spaces, but we are wondering if we'd be able to use different anonymous users to give access to each public space, as we don't mind company users accessing public info, but we don't want that anyone accessing a public dashboard embedded on our public webpage reaching "only company" public dashboards tweaking the url from the iframe.
It's possible to configure different anonymous users? It's a good security approach for a use case like ours? There is any other security advice you can give us to achieve this three layer publication?
I don't think you can configure more than 1 anonymous user - how would Kibana be able to detect which one to use?
Also, only allow anonymous access to content which you don't mind sharing with everyone that is able to reach your instance!
That said, I propose to use the anonymous user for the public space.
For the enterprise level, you have 2 options (depending on your license):
If you have a platinum or enterprise subscription, your best bet would be to connect Kibana to your Single-Sign-On Provider
Another option would be to create a normal user in Kibana and use Nginx or an Apache server as a proxy to add the authentication credentials to each request (see here for an example)
We were already considering usin an Apache to proxy urls to the dashboards but haven't thought about including authentication. We'll definitively look into that.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.