How can I share dashboards and visualizations using a share link and block access to the Kibana (5.1.1) management panel? When I use X-pack for security then all users have to type login and password to access charts. I would just share charts with people, nothing more.
So I would like to make charts accessible by public.
We have plans to add access controls to Kibana, but right now it doesn't yet have any sort of access control, so if you give users access to use Kibana, they get to use all of it. X-Pack will only protect data in Elasticsearch right now.
You might be able to achieve the level of access control you're looking for with a proxy of some kind. Or perhaps you could use the visualization's embedded view in a wrapper app of your own and only give users access to that.
Thank you for your answer.
Do you have any links or information how to create this type of proxy?
Kind regards
I don't, sorry. I've only heard of users doing that, I haven't actually seen any implementations. The gist of it is that you want to block requests to things you don't want users to use (/management, for example). It's a client-side route, so that is tricky to block with a proxy, since there's no server request. What you CAN block with a proxy are API calls that those pages make, which you'll have to track down yourself, by watching the network tab in your browser for example.
You could also write a hack plugin to do this for you. The plugin generator is a good place to start if you're interested. Your uiExports will include a hacks section, with an array of public files to load. They just get loaded at Kibana startup, so you have access to do anything you want. You can use that to watch for route changes in the browser and redirecting a user when they hit something you don't want them to. The documentation around doing this isn't super well documented, but the generator is already set up to get you started.
There is a simple workaround with usage of nginx proxy. It blocks all POST requests excepts some which are necessary to show charts. Public users can access the kibana panel, but cannot edit and save anything.
I hope you find that useful.
server {
listen 80;
server_name localhost;
location ~ (/elasticsearch/.kibana/index-pattern/_search|/elasticsearch/_mget|/elasticsearch/.kibana/_mapping|/elasticsearch/_msearch) {
proxy_pass http://kibana:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
rewrite /(.*)$ /$1 break;
}
location ~ (/elasticsearch/) {
return 405;
}
location ~ (|/app/kibana|/bundles/|/status|/plugins|) {
if ( $request_method !~ ^(GET)$ ) {
return 405;
}
proxy_pass http://kibana:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
rewrite /(.*)$ /$1 break;
}
}
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.