We are using ECK operator v2.6.1 and Elastic and Kibana v8.6.2. We would like to enable anonymous access of kibana to our users, and have this user be authenticated with elasticsearch to have certain limited permissions. We then want to have an anonymous user for some of our internal systems (because enabling security for indexing slowed our processes down too much).
Now when defining these two seperate anonymous users and roles, somehow the privileges become merged for the kibana user. Ex. Output of 'GET /_security/user/_privileges'
{
"cluster": [
"all",
"monitor"
],
"global": [],
"indices": [
{
"names": [
"logs-*"
],
"privileges": [
"all",
"read",
"view_index_metadata"
],
"allow_restricted_indices": false
}
],
"applications": [
{
"application": "kibana-.kibana",
"privileges": [
"feature_dashboard.all",
"feature_canvas.all",
"feature_advancedSettings.read",
"feature_discover.all",
"feature_dev_tools.read",
"feature_maps.all",
"feature_visualize.all",
"feature_indexPatterns.all"
],
"resources": [
"*"
]
}
],
"run_as": [
"guest-user",
"logging-internal"
]
}
We only want to set the kibana privileges for the guest-user. The elevated cluster privileges comes from the logging internal user, which we want to separate.
Any idea where this is coming from? Was there a decision to merge these two anonymous users? Any insight would be helpful 