i want to hide the extra fields that are showing to anonymous user, i want him to show only the fields that are used in the dashbaoard other then that hide the fileds.
i have added the fields that i wanted to show in the Elasticsearch grand access to specific fields roles > anonymous > Elasticsearch > Index privileges > Grant access to specific fields
but when i visit the public url of my dashboard i can see the fields in the filters.
any one can guide how do i achieve that ?
That should work, I tested on the Kibana Flights dataset to grant access to only a few fields on the role that is given to the anonymous user
And the sample dashboard on the public space that role is granted access broke as expected
My kibana settings are as described in the anonymous documentation
xpack.security.authc.providers:
anonymous.anonymous1:
order: 0
credentials:
username: public_user
password: public_user_password_something
basic.basic1:
order: 1
Where my public_user (not the actual name) has just the public role that grants access to a specific Kibana space and certain indices.
i also used the same privilege's and settings in same way the documentations told to
so after applying that i still see the same fields in my dashboard filter
Privileges are combined as described in the Field Security docs:
When a user has several roles that specify field level permissions, the resulting field level permissions per data stream or index are the union of the individual role permissions.
and in the guide:
... Document level security takes into account each role held by the user and combines each document level security query for a given data stream or index with an "OR". ...
So, you'd need to remove the staging* index from the first rule for the second take effect.
but i am not using that role for one i am using it for multiple dashbards and they all come from different index patterns. in that sense i have to create multiple roles ? for anonymous1 user for earch index to hide the fields.
As far as I understand this, having multiple roles or a single role with multiple rules is the same. Elasticsearch will combine all those rules, so if you have more than one that affects staging*, they will be unioned, and the fields will pass with the less restrictive rule.
Note how those rules have no order at all in the Kibana UI.
I'm going to transfer this post to the Elasticsearch forum since your fundamental problem is how Elasticsearch deals with field security, and Kibana is working as expected.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
