How to grant access for specific data in elastic cluster

Hello everybody,

Let's suppose I have 2 machines where I run the same agent (packetbeat for example). How can I create 2 users where each user can only access data that has been created from one machine?

So user_1 can display in Kibana only the packetbeat data of machine 1, and user_2 can only display logs of machine 2!

Thanks for your help.

There's a function for users and roles in Elasticsearch

  1. Create roles (say role A and role B) that have access only to the packetbeat data, by specifying the index name

  2. Create users for user_1 and user_2, and assign them to role A and role B

Hope this can help you

Thanks for your reply @kavierkoo,

But how can I do this, as the index has the same name?

Two ways I could think of:

  1. Use a different index name

  2. Create roles with Kibana's "Grant read privileges to specific documents" option or the API, and use a query to match a field that is able to identify your device, like host

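The second suggestion above (a role whose read privilege carries a query on the host field), written out as an added example that is not part of the original thread. It builds the request bodies for the Elasticsearch create-role and create-user APIs and checks what a combination of roles actually exposes. The index pattern `packetbeat-*`, the field `host.name`, and the machine, role and index names are assumptions.

```python
import json
from fnmatch import fnmatch

INDEX_PATTERN = "packetbeat-*"  # assumption: default Packetbeat index naming
HOST_FIELD = "host.name"        # assumption: field that identifies the machine

def role_for_host(hostname):
    """Body for PUT /_security/role/<name>: read only documents from one host."""
    return {"indices": [{
        "names": [INDEX_PATTERN],
        "privileges": ["read"],
        "query": {"term": {HOST_FIELD: hostname}},  # document-level filter
    }]}

def user_body(password, roles):
    """Body for PUT /_security/user/<name>."""
    return {"password": password, "roles": list(roles)}

def visible_hosts(role_names, role_defs, index_name):
    """Hosts the combined roles expose on index_name; None means unrestricted.

    Roles are additive: one read grant without a query exposes every document,
    whatever filters the user's other roles carry. Only understands the term
    queries produced by role_for_host().
    """
    hosts = set()
    for name in role_names:
        for grant in role_defs[name].get("indices", []):
            if not any(fnmatch(index_name, p) for p in grant["names"]):
                continue
            if not {"read", "all"} & set(grant["privileges"]):
                continue
            query = grant.get("query")
            if query is None:
                return None
            hosts.add(query["term"][HOST_FIELD])
    return hosts

# Constructed sample data: two filtered roles and one unfiltered role.
ROLES = {
    "packetbeat_machine1": role_for_host("machine-1"),
    "packetbeat_machine2": role_for_host("machine-2"),
    "packetbeat_all": {"indices": [{"names": [INDEX_PATTERN], "privileges": ["read"]}]},
}
SAMPLE_INDEX = "packetbeat-2024.01.01"  # constructed index name

if __name__ == "__main__":
    print(json.dumps(ROLES["packetbeat_machine1"], indent=2))
    print(json.dumps(user_body("<set-a-password>", ["packetbeat_machine1"]), indent=2))
    print(visible_hosts(["packetbeat_machine1", "packetbeat_all"], ROLES, SAMPLE_INDEX))
```

These roles cover index access only; the privileges that let user_1 and user_2 log in to Kibana are granted separately.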

Thanks for your answer.
I will try your suggestions and keep in touch.