Kibana Read only dashboard

Hi ,
I am using ELK 7.1.0 community edition .
Would like to enable read only dashboard for the users , Is this feature available in community edition ?
I am aware that it's available in ELK Enterprise edition .

Thanks,
Divya

Hi there,

If I'm not wrong the security basic features are free starting from version 7.1.0 then you should be able to use them.

Just create a space and a dashboard (index pattern, visualizations ecc...) in it. Create (with an admin user) a role with access restricted to that index (in read-only mode) and with permission to access to that specific space only, only to Dashboard section.

That should be enough for your purpose.

Let me know should you need help

Thanks Fabio for the confirmation!

Do you have steps on how to implement it ?

As I couldn’t find how to enable the read only dashboard in Kibana management .

I Followed this Blog

https://www.elastic.co/blog/kibana-dashboard-only-mode

But I couldn’t find it in my Kibana UI :frowning:

Are you talking something different ?

Thanks ,

Divya

Ok so, you don't see the tab in the Kibana UI since you haven't enabled it.

In your config/elasticsearch.yml file add the following lines:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

Restart elasticsearch.
Open a terminal inside the elasticsearch folder and launch:
bin/elasticsearch-setup-password interactive and follow the prompt commands to setup the initial passwords (including the elasticsearch admin password).

If evertything went well, launching a cURL
curl -XGET "localhost:9200"

You'll receive the error
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

In fact, you have to authenticate yourself with:

curl -XGET "localhost:9200" -uelastic and then typing the password for the user elastic you've just set.

In the kibana folder, add to the config/kibana.yml file the following lines:

elasticsearch.username: "elastic"
elasticsearch.password: "your_pw"

NOTE: if you have to do this in production use the keystore in order to avoid writing the password in clear in a file

Restart Kibana.
Now, accessing Kibana, in the management section you'll find these new tabs
image

Now, just create a new space in the Manage Spaces section (upper left corner) and create in it whatever you want useful to the final dashboard (index pattern, visualizations, dashboard etc).
In my case I'm using the classic [eCommerce] Revenue Dashboard.

Then, go to Management>Security>Roles and create the role (e.g. ecommerce_read_only, adding only the read privileges to the index you want:

And the space privilege according to the space you've just created

Now create the new user (Management>Security>Users) and assign to it that role

You can now log out with the admin (elastic) user and log back in with the just created user. You should be able to do noting but read the above-created dashboard (if you tried to edit it and then save it you should see an error message).

Unfortunately, 7.1.0 version is not new enough to filter out all those sections which are not needed and simply leave the Dashboard section but at least you avoid the ecommerce_user mess around risking to break anything.

Hope this helps!

Hi @Fabio-sama
Thanks for the steps with screenshots !!
I was able to create the space however I couldn't find the the Management > security > roles in Kibana . I am using 7.1.0 community version .

Attaching the screenshots of the space which which I could see in Kibana UI .

Thanks,
Divya

Hi,

did you follow all the steps in my second post? Edit the yml files, restart elastic, run the command to interactively setup the passwords etc.. ?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.