Hi,
Note: I am using ELK 7.9.1
I am trying to grant users the "minimum access required" to do their job and at the same time I am trying to maximize security all I can. I'm aware that system role `kibana_dashboard_only_user` is deprecated and about to disappear in Kibana 8, but in the meantime it resolves the need I have. I want to restrict users to have access to only certain apps in Kibana. App `Management` is one of the apps that I need to restrict for most users, except for admins.
Pursuing this goal I have tried to reproduce the `kibana_dashboard_only_user` to get the same results.
- I added a new role with no `index` privileges but only `space` privileges to `read` `Dashboard`. Then assigned that sole role to a new user.
  Logged in as the new user and all other apps but Dashboard were hidden as expected, but the Management app was still available from the main menu.
- Then added a new `space` and copied all Kibana saved objects from another `space`. This time I limited the visibility of the features within this `space` to display nothing else but `Dashboard`. I granted permissions for the new user to access only this `space`.
  Logged in as the new user just to realize the issue persists: the Management app was still available from the main menu.
If this user does not have nor require any special admin privileges, and must have access only to read the dashboards, then it does not make any sense that this user can see (and access) an app for management. Even when all the sub-apps inside Management trigger pop-up permission errors when attempting to access any of them, it would be more elegant and secure if the user couldn't see that app at all.
Same issue was described here, here, here and officially discussed here as well.
It appears that the development team is working hard to fix this issue or enhancement request.
A few questions:
- Is there an estimated date for this functionality to be available?
- Meanwhile, is there a workaround?
- Wouldn't it be easier to simply show or hide `Management` in the `Home` app, regardless of whether or not the user has sufficient privileges on the node to access `Management`? If the user is only allowed to hide or show `Management` from `Customize feature display`, then Kibana would not depend on the permissions of the node that Elasticsearch controls, since it would not be manipulating the permissions of the node, but only showing or hiding access to an app.
  Likewise, even if the user could see the app (due to some human error in not hiding Management), the Elasticsearch privileges would come into play. This would not be very elegant perhaps, but at least safe.
Thank you
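
An added example, not part of the original post: a small audit of role definitions in the shape returned by Kibana's role API (`GET /api/security/role`), flagging anything beyond the read-only `Dashboard` access described above. The role names, space id and index pattern are constructed samples; the check covers the role definition only and does not change which apps the navigation menu shows.

```python
import json

# Constructed sample in the shape returned by GET /api/security/role.
# Role names, the "reports" space and the "logs-*" pattern are hypothetical.
SAMPLE_ROLES = json.loads("""
[
  {"name": "dash_ro",
   "elasticsearch": {"cluster": [], "indices": [], "run_as": []},
   "kibana": [{"base": [], "feature": {"dashboard": ["read"]},
               "spaces": ["reports"]}]},
  {"name": "dash_loose",
   "elasticsearch": {"cluster": ["monitor"],
                     "indices": [{"names": ["logs-*"], "privileges": ["all"]}],
                     "run_as": []},
   "kibana": [{"base": ["read"], "feature": {}, "spaces": ["*"]}]}
]
""")


def audit_dashboard_only(role, allowed_index_privs=frozenset()):
    """Return findings where `role` grants more than read-only Dashboard
    access in explicitly named spaces. An empty list means it conforms."""
    findings = []
    es = role.get("elasticsearch", {})
    if es.get("cluster"):
        findings.append(f"cluster privileges: {sorted(es['cluster'])}")
    if es.get("run_as"):
        findings.append(f"run_as: {sorted(es['run_as'])}")
    for entry in es.get("indices", []):
        extra = set(entry.get("privileges", [])) - set(allowed_index_privs)
        if extra:
            findings.append(
                f"index privileges {sorted(extra)} on {entry.get('names')}")
    for entry in role.get("kibana", []):
        if entry.get("base"):
            # A base privilege applies to every feature in the listed spaces.
            findings.append(f"base privileges: {entry['base']}")
        if "*" in entry.get("spaces", []):
            findings.append("applies to all spaces ('*')")
        for feature, privs in entry.get("feature", {}).items():
            if feature != "dashboard" or set(privs) - {"read"}:
                findings.append(f"feature privilege {feature}: {privs}")
    return findings


if __name__ == "__main__":
    for r in SAMPLE_ROLES:
        print(r["name"], audit_dashboard_only(r) or "OK")
```
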


