Kibana with shield visualize and dashboard

security

#1

Hello,

I have a problem with shield and kibana4. I have two groups. One group with admins and a second group with my customer1.
My authentication is an LDAP backend.

When my user is an admin, i can view all indices, create dashboard and create visualization.

Now when i switch with an user who is in my group customer1, i view only customer1 indice but i can select the dashboard create by my admin user. I can't view data but i can see the name of my dashboard and i don't like it.
Otherwise cusomer1 can change settings and it's not good.

Do you have a solution for that ?

This is my confi in roles.yml :
customer1:
cluster:
- cluster:monitor/nodes/info
- cluster:monitor/health
indices:
'customer1-*':
- indices:admin/mappings/fields/get
- indices:admin/validate/query
- indices:data/read/search
- indices:data/read/msearch
- indices:admin/get

  '.kibana':
    - indices:admin/create
    - indices:admin/exists
    - indices:admin/mapping/put
    - indices:admin/mappings/fields/get
    - indices:admin/refresh
    - indices:admin/validate/query
    - indices:data/read/get
    - indices:data/read/mget
    - indices:data/read/search
    - indices:data/write/delete
    - indices:data/write/index
    - indices:data/write/update

My configuration of kibana :

server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://127.0.0.1:9200"
elasticsearch.preserveHost: true
kibana.index: ".kibana"
kibana.defaultAppId: "discover"
elasticsearch.username: kibana
elasticsearch.password: kibana

Thank's


(system) #2