Kibana User access

Hello All,

I am planning to implement ELK stack on my organization for application teams to visualize their respective logs via Kibana UI. Now my question is,

I have installed ELK on server, and using filebeat i am shipping logs to thiis ELK server from 2 different applications for example.

As I am shipping logs from 2 different applications, I want to restrict the users in one application viewing logs of other application and vice versa. I find shield can be used to restrict user login and secure. But not exactly sure how can i configure to restrict Application 1 log file view access to App1 users only , Application 2 log file view access to App2 users only.

Please advice.

Hi Manoj,

You could use our commercial security plugin. One plugin installs in Elasticsearch and the other plugin installs in Kibana.

For pre-5.0 products it's called Shield. In 5.0 its the Security plugin which is part of X-Pack https://www.elastic.co/products/x-pack. It's easier to set up on 5.0.

Regards,
Lee

Thanks LeeDr. Yes I did refer documents on xpack. But not getting an idea for my above query. Restricting user to view specific logs. Some guidance appreciated. Thanks.

You can use document and field level security for that - https://www.elastic.co/guide/en/x-pack/current/field-and-document-access-control.html

Hi Manoj, I'm not an expert on our permissions setup, but I believe you can configure Roles with access to different fields, documents, and indices, and then assign these Roles to different Users. Can you take a look at https://www.elastic.co/guide/en/x-pack/current/field-and-document-access-control.html and let me know if this helps you?

Thanks,
CJ