Kibana Spaces Create Permissions

security

(Micah Hunsberger) #1

In Kibana 6.5, is there any way to prevent kibana users from creating new spaces?
I know once a space is created, you can set read/write permissions within it, but what is to prevent users from creating more spaces?


(Larry Gregory) #2

Hey @Micah_Hunsberger,

It's possible! It's just a little confusing, and not well documented right now.

When configuring a user's roles, make sure you are not using roles that have the Kibana minimum privilege set to all. This setting allows users to create spaces:


(Micah Hunsberger) #3

Thank you, the built-in kibana_user role has this set to all.
I assume that means you have to create a new role that is identical to the kibana_user role except have this setting set to read or none?


(Micah Hunsberger) #4

Okay so it looks like the Kibana ui for space privileges uses Application Privileges to manage access within Kibana.


(Larry Gregory) #5

Yes, the kibana_user role is a Kibana superuser of sorts, in that it grants access to all of Kibana. If you want to restrict access, then you'll want to create custom roles with either none or read as the minimum privilege.