How to grant access to Kibana for specific users

Hi,
I am very new to the ELK Stack, and for my project we have a requirement to integrate Kibana in our custom application's dashboard.
We would like to give clients some statistics about their own activity (i.e. how many times which API call was used by their applications and so forth). I know that it is possible to use the embed functionality, i.e. get the code that Kibana itself generates to access a dashboard or a single visualization. The problem with this approach is that the URL that we would have to make available to the client (for example, put in an iframe in a webpage) includes the filter which limits the data to only their Tenant ID. So, if they know the IDs of other tenants, they could manipulate that code and get access to other clients' logs, which is in our case not an option.

Is there a way to achieve this?

PS: I use Kibana 7.0.0

@hiba This sounds like a use case for document level security in Elasticsearch. Basically something like this:

POST /_security/role/my_client
{
  "indices" : [
    {
      "names" : [ "*" ],
      "privileges" : [ "read" ],
      "query" : {
        "term" : { "my_client_tenant_id" : 1 }
      }
    }
  ]
}

Applying this role to whatever user has access to the iframe would, I think, achieve what you are looking for. Kibana has a UI for managing this too -- you paste the query into the box for Document Level Security under Management > Security > Roles.
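
An added example, not part of the original thread and not Elastic's code: it builds one role of the kind shown above per tenant and models, over constructed documents, why a user who rewrites the tenant filter in the embed URL still sees only the documents the role allows. The index pattern `api-logs-*`, the `tenant_<id>` role naming and the helper names are assumptions.

```python
TENANT_FIELD = "my_client_tenant_id"  # field name used in the role above


def tenant_role(tenant_id, index_pattern="api-logs-*"):
    """Return (path, body) for a read-only per-tenant role (names are assumed)."""
    # Accept only real integers so nothing client-supplied ends up in the query.
    if isinstance(tenant_id, bool) or not isinstance(tenant_id, int) or tenant_id < 0:
        raise ValueError("tenant_id must be a non-negative integer")
    body = {
        "indices": [{
            "names": [index_pattern],
            "privileges": ["read"],
            "query": {"term": {TENANT_FIELD: tenant_id}},
        }]
    }
    return f"/_security/role/tenant_{tenant_id}", body


def term_matches(query, doc):
    """Evaluate a single-field term query against one document (model only)."""
    (field, value), = query["term"].items()
    return doc.get(field) == value


def visible_docs(role_body, docs, url_filter=None):
    """Model of document level security: the role query limits what exists for
    the user, and any filter the client sends can only narrow that set."""
    role_query = role_body["indices"][0]["query"]
    allowed = [d for d in docs if term_matches(role_query, d)]
    if url_filter is None:
        return allowed
    return [d for d in allowed if term_matches(url_filter, d)]


# Constructed sample documents for two tenants.
DOCS = [
    {TENANT_FIELD: 1, "api_call": "GET /orders"},
    {TENANT_FIELD: 1, "api_call": "POST /orders"},
    {TENANT_FIELD: 2, "api_call": "GET /invoices"},
]

if __name__ == "__main__":
    path, body = tenant_role(1)
    print("POST", path, body)
    # Tenant 1's user changes the URL filter to tenant 2: the result is empty.
    print(visible_docs(body, DOCS, {"term": {TENANT_FIELD: 2}}))
```

The body returned by `tenant_role` is what would be sent to the role API shown above; the user behind each embedded dashboard then gets only their own tenant's role.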

Hi,
thanks for the reply.

I am looking to integrate Kibana into my application (Angular 9).
I have the following scenario:
- My application is multi-user, of which I have a rubric "dashboard" .... I hope to expose the Kibana dashboard for specific user accounts where the connected user could not access the data of other users.
- The solution with the iframe does not suit me (because you have to reload the iframe with each modification).
- I try to set up an "automatic" Kibana authorization using a JWT passed via URL param.

Ah okay, yeah unfortunately I don't think what you are looking to do with the embedding is possible... an iframe is the only way to embed a "live" Kibana dashboard in an external application today, because that dashboard needs the rest of Kibana's services to be running in order to be interactive.
