Kibana_dashboard_only_user and Spaces Security issue

Kibana 6.5.1 in Elastic Cloud

When you have a User with > kibana_dashboard_only_user and a Role
That user has access to all spaces even though the Role only has read on one space.

My role has a indies and Privileges read and one space set as read.

I tested this by removing the Kibana_dashboard_only_user and then my user only had access to the one Space.

This is to be expected.
Much like the kibana_user role, the built-in kibana_dashboard_only_user role has access to all spaces.
If you wish to secure individual spaces you should not use these roles.

1 Like

I believe there its an open issue around this and that we are working on improving documentation.

Yeppers.
https://github.com/elastic/kibana/issues/25701 the walk through in here by using the Advanced Settings Dashboard > Dashboards only roles worked perfectly.
Thx this saved me from needing to spin up Kibana outside of Elastic Cloud.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.