Kibana_dashboard_only_user and Spaces Security issue


(Dallas Toth) #1

Kibana 6.5.1 in Elastic Cloud

When you have a User with > kibana_dashboard_only_user and a Role
That user has access to all spaces even though the Role only has read on one space.

My role has a indies and Privileges read and one space set as read.

I tested this by removing the Kibana_dashboard_only_user and then my user only had access to the one Space.

(Tim Vernum) #2

This is to be expected.
Much like the kibana_user role, the built-in kibana_dashboard_only_user role has access to all spaces.
If you wish to secure individual spaces you should not use these roles.

(Christian Dahlqvist) #3

I believe there its an open issue around this and that we are working on improving documentation.

(Dallas Toth) #4

Yeppers. the walk through in here by using the Advanced Settings Dashboard > Dashboards only roles worked perfectly.
Thx this saved me from needing to spin up Kibana outside of Elastic Cloud.

Dashboard Only Mode and space issue
(system) closed #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.