Hi team,
I'm trying to create following user profile in kibana and I did following steps to accomplish my requirement but unfortunately I was unable to do it .
User profile requirement:
we need accounts:
- equio : can access dashboard, visualization, but cannot access elasticsearch (in any way except visualization) and cannot access console...
- admin : can access everything, including user management
- developer : can access everything but not user management
I have done following steps to create above mentioned users profile.
Install Full-Text search engine "Elasticsearch" On 915468-ElasticDemo.newfrontierdata.com
(1) Installed Install OpenJDK 8.On 915468-ElasticDemo.newfrontierdata.com
yum -y install java-1.8.0-openjdk java-1.8.0-openjdk-devel
cat > /etc/profile.d/java8.sh <<EOF
export JAVA_HOME=$(dirname $(dirname $(readlink $(readlink $(which javac)))))
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/jre/lib:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar
EOF
(2)Installed Elasticsearch On 915468-ElasticDemo.newfrontierdata.com
vi /etc/yum.repos.d/elasticsearch.repo
added following content on repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
yum -y install elasticsearch
systemctl start elasticsearch
systemctl enable elasticsearch
configured elasticsearch.yml as follow.and configured jvm.options too
[root@915468-ElasticDemo ~]# cat /etc/elasticsearch/elasticsearch.yml
cluster.name: Elastic-DemO
node.name: ${HOSTNAME}
network.host: 172.24.36.204
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
xpack.security.enabled: true
xpack.license.self_generated.type: trial
bootstrap.system_call_filter: false
(3)Installed Kibana On 915468-ElasticDemo.newfrontierdata.com
[root@915468-ElasticDemo kibana]# cat kibana.yml
server.host: "172.24.36.204"
server.name: "915452-IngestionDemo.newfrontierdata.com"
elasticsearch.url: "http://172.24.36.204:9200"
xpack.security.enabled: true
elasticsearch.username: "kibana"
elasticsearch.password: "XXXX"
systemctl restart elasticsearch kibana
(4) Set bootstrap.password
/usr/share/elasticsearch/bin/elasticsearch-keystore add "bootstrap.password"
(5) Setup following users.
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Enter password for [elastic]:
Enter password for [kibana]:
Enter password for [logstash_system]:
Enter password for [beats_system]:
(6) How to Set it Up
Under Management > Security > Users, edit or create a new user and assign them the kibana_dashboard_only_user role, along with roles that grant the user appropriate data access.
(7) Setup Above Mentioned User Profile like follow
Setup following users in Elastic-demo and setup user roles as follow . Currently working on Elatic Production cluster, IngestionDemo
equio : can access dashboard, visualization, but cannot access elasticsearch (in any way except visualization) and cannot access console...
Defining Roles:kibana_user
admin : can access everything, including user management
Defining Roles:superuser
developer : can access everything but not user management
Defining Roles:ingest_admin,kibana_system
After that I enroll Platinum licence now instance has platinum licence activated but I can login to Kibana without prompt user name and password after I enroll platinum licence.
Could you advice me how can I do this . If you need any other information Please feel free to contact me at any given time