Kibana User access


(Manoj) #1

Hello All,

I am planning to implement ELK stack on my organization for application teams to visualize their respective logs via Kibana UI. Now my question is,

I have installed ELK on server, and using filebeat i am shipping logs to thiis ELK server from 2 different applications for example.

As I am shipping logs from 2 different applications, I want to restrict the users in one application viewing logs of other application and vice versa. I find shield can be used to restrict user login and secure. But not exactly sure how can i configure to restrict Application 1 log file view access to App1 users only , Application 2 log file view access to App2 users only.

Please advice.


(Lee Drengenberg) #2

Hi Manoj,

You could use our commercial security plugin. One plugin installs in Elasticsearch and the other plugin installs in Kibana.

For pre-5.0 products it's called Shield. In 5.0 its the Security plugin which is part of X-Pack https://www.elastic.co/products/x-pack. It's easier to set up on 5.0.

Regards,
Lee


(Manoj) #3

Thanks LeeDr. Yes I did refer documents on xpack. But not getting an idea for my above query. Restricting user to view specific logs. Some guidance appreciated. Thanks.


(Mark Walkom) #4

You can use document and field level security for that - https://www.elastic.co/guide/en/x-pack/current/field-and-document-access-control.html


(CJ Cenizal) #5

Hi Manoj, I'm not an expert on our permissions setup, but I believe you can configure Roles with access to different fields, documents, and indices, and then assign these Roles to different Users. Can you take a look at https://www.elastic.co/guide/en/x-pack/current/field-and-document-access-control.html and let me know if this helps you?

Thanks,
CJ


(system) #6