How to use Document Level Security to make Kibana Multitenant?


#1

Hello!
We use ES 6.2.1 and would like to add some multi-tenant support to kibana.
To us it would be good enough to have the Kibana Dashboard View filter dashboards based on their titles.
To achieve this I tried adding a document based security entry on the ".kibana" index that shows only dashboards starting with "public_":
post /xpack/security/role/test_group
{
"indices": [
{
"names":[".kibana"],
"priviledges": ["read"],
"query": { "term": {"dashboard.title": "public
*"}}
}
]
}
But when logged in with user test_group, I still see all dashboards.


(Larry Gregory) #2

Hey @BicaLuv,

Creating a multi-tenant Kibana installation using Document Level Security isn't supported, as it relies heavily on internal implementation details that aren't guaranteed to be compatible in the future.

I have some good news for you though: we are actively working on a "Spaces" feature that will allow you to organize and secure access to your Kibana dashboards, visualizations, and other saved objects. You can track our progress here: https://github.com/elastic/kibana/issues/18948


#3

@Larry_Gregory, thanks for the reply.
I know that tweaking .kibana index that way is not an official solution. But based on the fact, that there is currently no solution at all, I would give it a try for 6.2 and 6.3 installations in our project.

BTW: I will keep an eye on what the new spaces feature will bring.


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.