Kibana_dashboard_only_user and Spaces Security issue

security

(Dallas Toth) #1

Kibana 6.5.1 in Elastic Cloud

When you have a User with > kibana_dashboard_only_user and a Role
That user has access to all spaces even though the Role only has read on one space.

My role has a indies and Privileges read and one space set as read.

I tested this by removing the Kibana_dashboard_only_user and then my user only had access to the one Space.


(Tim Vernum) #2

This is to be expected.
Much like the kibana_user role, the built-in kibana_dashboard_only_user role has access to all spaces.
If you wish to secure individual spaces you should not use these roles.


(Christian Dahlqvist) #3

I believe there its an open issue around this and that we are working on improving documentation.


(Dallas Toth) #4

Yeppers.
https://github.com/elastic/kibana/issues/25701 the walk through in here by using the Advanced Settings Dashboard > Dashboards only roles worked perfectly.
Thx this saved me from needing to spin up Kibana outside of Elastic Cloud.