Indices/dashboards etc names visibility for every user?

security

#1

Hello, I have a question.
I have configured some roles, for example, user1 can see only dashboard1 and user2 can see only dashboard2.

In kibana
user2 of course can't access to dashboard1, error show up, but he can see the name of dashboard, and user1 can see the name of dashboard2 to which he doesn't has access.

Is there possibility to turn off the visibility of particular indices in roles that can't access them?

Is this clearly defined, or should I upload some pic, cause of my poor english language? :stuck_out_tongue:


(Jay Modi) #2

Kibana does not currently support the ability to restrict dashboards based on a user as Kibana does not have knowledge of the ACLs provided by shield. We're thinking about how we can solve this issue so that Kibana and Shield have better integration in the future.


#3

Hmmm, ok. And what about admin roles.
Admin1 and Admin2 can create dashboards/visualizations from own indices, but Admin1 can overwrite any visualize/dashboard name created before for example by Admin2.
Also, we can't resolve this problem for now?


(Jay Modi) #4

That's correct, we are still working on a solution. Shield does not differentiate between a user and a admin, they simply have different permissions.


(Tanya Bragin) #5

One potential workaround if you don't have too many groups is to set up separate Kibana instances for each group pointing to different configuration indices (instead of the defailt .kibana index).


(system) #6