I am trying to understand how to restrict the Elasticsearch data that different user groups can view using Kibana. In other words, I am trying to understand how an Elasticsearch/Kibana solution can be a multi-tenant solution.
I recognize the answer might have to do with how you architect your solution. Assume that I have two different sets of users. Each set of users can only access their own set of data via Kibana.
What is the best way to architect this solution?
Should I have 2 different indexes, one index for each user group? Or should I have one index and somehow restrict which data the users can run queries against in Kibana?
Multi-tenancy at the data level exists if you pair Kibana/Elasticsearch with Shield - you can restrict which users can view which data in Elasticsearch at a pretty granular level. However, fine-grained access control at the UI level, such as restricting which dashboards and views are accessible to given groups of users, is not part of that integration yet.
You can work around this currently by setting up multiple instances of Kibana - one per user - configured to point to different configuration indices (instead of the default .kibana).
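The workaround in the answer above, written out as a configuration sketch (an added example, not part of the original posts). It assumes the setting names used by Kibana 4.2 and later; host names, ports, index names and account names are constructed.

```yaml
# Constructed example: two Kibana instances, one per tenant group.
# Setting names are those of Kibana 4.2+ (assumption; earlier 4.x releases
# used different key names). Hosts, ports, indices and accounts are made up.

# ---- kibana-tenant-a/config/kibana.yml ----
server.port: 5601
elasticsearch.url: "https://es.example.internal:9200"
# Saved searches, visualizations and dashboards for tenant A are stored
# here instead of the default .kibana, so tenant B's instance never loads them.
kibana.index: ".kibana-tenant-a"
# Account the Kibana server itself uses to read and write its config index.
elasticsearch.username: "kibana-server-a"
elasticsearch.password: "CHANGE_ME"

---
# ---- kibana-tenant-b/config/kibana.yml ----
server.port: 5602
elasticsearch.url: "https://es.example.internal:9200"
kibana.index: ".kibana-tenant-b"
elasticsearch.username: "kibana-server-b"
elasticsearch.password: "CHANGE_ME"

# What this does and does not give you:
# - kibana.index only separates the UI objects (dashboards, visualizations,
#   index patterns). It is not a data filter.
# - Which documents a logged-in user can actually query is decided by the
#   roles Shield enforces inside Elasticsearch, not by anything in kibana.yml.
#   Each tenant's users need a role limited to that tenant's data, and each
#   kibana-server-* account should be limited to its own config index.
# - Keep each instance reachable only by its own tenant (separate URL or
#   reverse-proxy rule), since anyone who reaches an instance sees its
#   saved dashboards.
```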
I thought about the suggested solution, but that might not be enough.
For instance, if I index documents having field A and field B and I want to configure multi-tenancy according to specific values of field A, meaning prefiltering all visualized data according to the tenant, how can I configure kibana.yml for each Kibana UI in such a way that users cannot modify this prefiltering criteria and therefore cannot see the data of the others?