Kibana with Security - All users in user_search.base_dn can view Kibana?

When setting up Kibana 5.1.1 with X-Pack Security, is there a way to restrict access to the main Kibana page?
When testing, it appears that all users in the search base are able to authenticate and view the main page, even if they don't have authorization to search/monitor/etc.

Is it possible to throw an "Access Denied" error if they can authenticate, but don't have rights to perform an action, as the Monitor plugin does?

OR

Is it possible to restrict the authentication by a filter based on an AD group?

Elastic Version 5.1.1 using Security
role_mapping.yml

kibana_user:
  - "CN=analyst,OU=Groups,DC=example,DC=com"

elasticsearch.yml
xpack.security.authc.realms.ldap.user_search.base_dn: ou=users,ou=accounts,dc=example,dc=com
