Kibana authentication based on the indices

security

(sahere rahimi) #1

hi,
kindly, is it possible to get user authentication to different users in order to access to kibana console?
actually, logs from different machines come to elasticsearch and kibana shows these logs based on their indices. for example some logs are under index1 and some logs are under index2. now, is it possible to separate the access to these indices from kibana? it means that, user1 can only access to index1 in kibana and user2 can only access to index2 in kibana console. is it possible?


(Mark Walkom) #2

You can do that with https://www.elastic.co/products/stack/security


(sahere rahimi) #3

thanks for your replying.
is this feature available for free products? or just is in enterprise ones?


(Ioannis Kakavas) #4

Hi,

As you can see in the subscriptions page, security is only available with a Gold or Platinum license.


(sahere rahimi) #5

Many thanks


(sahere rahimi) #6

can we access to multi-tenancy feature for kibana in open source and free version?


#7

In Management Tab, you can define roles to specify what indices is allowed for which user (with privilege options of read/write/manager/delete etc.), and assign that role to the user. To further narrow down the contents in each index, you may user Granted fields and query.

To separate access to kibana console, you will need to upgrade to Kibana 6.5 and use Kibana Spaces.


(sahere rahimi) #8

many thanks.
are these features provided in free version of ELK?


(sahere rahimi) #9

I found that we can define username and password to be asked in kibana login page. this facility is not activated in free kibana product so that there is no login page after running "localhost:5601". after searching i found that we should install X-pack to have it. but, it seems that X-pack is accessible in golden products and not accessible in free ones. is this true?


#10

Yes, you need at least Gold license for X-pack to have the Security features (authentication).
https://www.elastic.co/subscriptions

I think the multi-tenancy feature is with Search Guard, which is a third party plugin that you will need a license as well.