I want add read-only users but they can create short URLs on Kibana


(Serive) #1

If I make readonly user for kibana,
readonly user cannot make short URL for kibana.

This is not convenient for our use case.

Now our business is following case.

  1. We service to customer as SaaS.
  2. We insert data in elastic cloud and make dashboard for customers.
  3. All customers watch same dashboard.
  4. All customers have only readonly role.

Sometimes the customer add filter and bookmark it.
And the customer want share it to their team member of above filtered dashboard.

But the customer have no write role for dashboard.
So They cannot make short URL, they copy and paste long url to Slack or E-mail.

It it not convenient because long URL is very long..


(Stacey Gammon) #2

We are aware this is inconvenient for some users, but there are currently no short term plans to fix it. The short url creation does write to the index and since a read only user is not allowed to write to the index, we decided we can't circumvent those security restrictions.

There are some plans which will help alleviate the pain:

  • Object level security would allow users to make finer grained security decisions such as this. This is probably a good ways off.
  • https://github.com/elastic/kibana/issues/14455 - we wish to stop storing so much state in the url, especially when in view mode.
  • https://github.com/elastic/kibana/issues/15023 - human readable urls. While this wouldn't include the state portion of the url, taken together with the above issue, it would make for a readable url without a slew of extra parameters tacked on to the end (assuming they were sharing in view mode and not sharing an edited dashboard).

Follow those two issues to stay informed of any updates.


(Serive) #3

Thank you for reply.

I try setting role with "Object level security".

And I follow these issue.

https://github.com/elastic/kibana/issues/14455
https://github.com/elastic/kibana/issues/15023


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.