Hide some dashboards in Kibana with doc level security

Elastic Stack Elasticsearch
1

Hi,

I have 3 users using the same Kibana instance, so i would like to use document level security to prevent a user from seeing others users's dashboards.

So for "user1" I try to filter the .kibana index on documents whose name is "user1_*".

But when I log with user1 account, he still see all dashboards in the kibana dashboard list.

I use 1 role for user1 with these items :

Kibana Privilege : read
Index Privilege : .kibana => read
granted document query : {"match":{"dashboard.title":"user1_*"}}

Do you think this syntax is correct, or maybe it is not possible to filter the kibana dashboard list this way... ?

Thanks everybody :slight_smile:

Regards,

Rapha

2

Hi @Rapha,

I am not authoritative on this, but I think user1 should not have any privileges for the .kibana index. Dashboard entries and other kibana objects are managed by kibana itself, using the
.kibana index, but not in the way you have pointed out. That is, other types of privileges, and not document level security ones, are used to limit scope. This privileges are managed by the kibana process itself (stored in the .kibana index) and atm they don't not rely on elasticsearch.

I suppose what you are looking for is Kibana Spaces . Have you tried it? This is the proper way to authorize on kibana objects.

Hope that helps to get a perspective on things,
Albert

3

Hi @Albert_Zaharovits ,

Thanks a lot for your answer. Kibana spaces is exactly the solution I was looking for.

Hope this feature will be released soon. Do you have any informations about that ?

Regards,

Rapha.

4

Hi @Rapha,

I though it was released already, but it obviously was not.
Should be very soon but we're not allowed to commit to timelines on public forums.

Regards,
Albert

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.