Kibana and Shield: user read-only access to his index

vando · May 2, 2016, 4:21am

I'm using Kibana with Shield and I want to create read-only users that they can see only his respective index.

I created this role for foo user:

foo:
  indices:
    - names: 'foo-*'
      privileges:
        - indices:admin/mappings/fields/get
        - indices:admin/validate/query
    - names: '.kibana'
      privileges:
        - indices:data/read/get
        - indices:data/read/mget
        - indices:data/read/search

After logged-in, user gets an empty Kibana page, what am I doing wrong? Thanks in advance.

Bargs · May 2, 2016, 5:52pm

A few questions:

What version of Kibana/ES/Shield are you using? Are you using the Kibana Shield plugin?

Are you getting any error messages, either on the page or in your DevTools console?

Do you only want the data to be read only, or do you also want to prevent users from creating new visualizations, dashboards, saved searches, etc?

vando · May 2, 2016, 8:22pm

Hi Bargs

ES: 2.3.1
Kibana: 4.5.0
Shield (plugin installed from ES): 2.3.1

I want the data being read-only and limit user access to other indices.

And I got this error message:

Error: [security_exception] action [indices:admin/mappings/fields/get] is unauthorized for user [foo]

Bargs · May 2, 2016, 9:35pm

I want the data being read-only and limit user access to other indices.

If you use this example role as a base, I think that should achieve what you need. You'll just need to switch logstash-* to foo-* and remove the cluster section. Let me know if that doesn't work for some reason.

As an aside, you might also want to install the Kibana Shield plugin which will give you some additional functionality like a proper login screen.

vando · May 3, 2016, 2:19pm

This is what I wanted, thank you @Bargs!