Kibana access management


(Sunil Chaudhari) #1

Hi,
Can we implement access management for Kibana based on different index patterns?

Example: I have Applications in our centralized logging as sales, tf, rss, crm, etc. Indexes are created on the basis of applications. Like crm-YYYY-MM-DD, sales-YYYY-MM-DD.

User of sales should not be able to access crm index data. How can we acehiev this in Kibana?

br,
Sunil


(Magnus Bäck) #2

This is easy with the Shield product. If Shield isn't an option you should be able to have different Kibana instances that different users have access to, where each Kibana instance in turn accesses ES using their own credentials that grants different access.


(Sunil Chaudhari) #3

Hi,

can you please elaborate below things?

Does different instances of Kibana need any changes in ES cluster (Indexing strategy)?

Different Kibana instances means instances running on diferent port, pointing to same ES cluster?
If Yes, then sales user can configure index pattern for crm* and easily access crm data in UI.

br,
Sunil


(Magnus Bäck) #4

Does different instances of Kibana need any changes in ES cluster (Indexing strategy)?

No, but you need to put ES behind a reverse proxy that can limits what each user can access.

Different Kibana instances means instances running on diferent port, pointing to same ES cluster?

Yes.


(Marcin Kubica) #5

@magnusbaeck could you please pop a practical example how to limit index access with reverse proxy

Do you mean deny particular URI access per kibana node?

Many thanks
Marcin


(Magnus Bäck) #6

could you please pop a practical example how to limit index access with reverse proxy

Sorry, I don't have time to do that but I'm sure there are examples around. I certainly had inspiration when I set it up last year.

Do you mean deny particular URI access per kibana node?

Yes. Since the index name is part of the URL you can restrict what can be accessed.


(Marcin Kubica) #7

Many thanks.


(system) #8