Enable Kibana Security WITHOUT Elasticsearch security

Hi Team,

Is it possible to enable Kibana level security like creating username and passwords for Kibana login and dashboards (for role level access), without enabling the security in Elasticsearch level (username & password) ?

I checked the documentation and the first point itself states that we need to configure security in Elasticsearch!

The need for this requirement is, if I enable the security in Elasticsearch level, then the application that is connecting to this cluster, will also need to be modified to accommodate the change. Hence just want to check if its possible to have username and passwords for Kibana alone or not?

Thank you.

Kibana uses Elasticsearch for its security, there is no concept of security in Kibana without security in Elasticsearch. Kibana would have no way to create users or verify passwords.

You can probably achieve what you're after by enabling security in Elasticsearch and turning on anonymous access so that the existing application continues to work.

1 Like

Oh Okay.
So I need to enable the anonymous access feature in both Elasticsearch.yml and kibana.yml right?

No, just in Elasticsearch. Based on your requirements, I don't think you want anonymous access in Kibana.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.