I have a default space in kibana where i am creating admin for secondary spaces they have the access to create users in there own spaces. Now I on logining in as the admin of the other space am able to view the details of users and roles who donot belong to this space. Can i hide the details of users and roles not belonging to that space from the admin of that space.
Can i hide the details of users and roles not belonging to that space from the admin of that space.
This isn't currently possible, because users and roles do not really "belong" to a Space -- the privileges assigned to roles in Kibana are based on the Elasticsearch cluster privileges, whereas Spaces is a Kibana-only feature.
So if you give someone access to manage_security
, they are going to be able to manage all users & roles for the cluster regardless of Space, because Elasticsearch has no awareness of Spaces. This means they can either manage users/roles via Kibana, or by performing requests against Elasticsearch directly.
Some of those roles might have certain space privileges assigned, but those space privileges do not affect the overarching Elasticsearch privileges which have already been granted.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.