Kibana X-Pack user specific permissions

security

(Ofer Peretz) #1

Hi Guys!

I've recently added the X-Pack with the trial license for learning.
I'm getting little bit confused with the user management operations and permissions.
Configured everything and have 'elastic' user with full permissions.

What im trying to do:

  1. Create new user with the minimal permission that will have ability to use 'discover' tab and search in a specific index (i have around 20 indexes)
  2. That user should have access to dashboards and visualize, other than that all other settings should be denied.

What ive done so far:

  1. Deploy Kibana 6.4.2, ES Cluster 6.4.2
  2. Created User: test
  3. Created Role: testrole
  4. assigned 'boxes' index and '.kibana' index to the role and attached to it 'read' permission and 'view_index_metadata'

Logged in with the test user and try to get OTHER index than 'boxes', seems that test user has permissions everywhere like superuser.

what im missing?

thanks,
ofer.


(Ioannis Kakavas) #2

Hi

I think what you're looking for is a dashboard only user role along with read permissions to the indices that hold the data for the dashboards and visualizations that your user needs to view.


(Ofer Peretz) #3

Hi Ioannis,
Thanks for your quick response!
Dashboard only user role is restricting the user from using 'discover' tab that he can perform free search on the index he wants. that's a must for us.

there's a way to let the user use specific index's inside the 'discover' tab?

thanks!


(Ofer Peretz) #4

After deploying freshly new ELK 6.4.3 on a new server, all permission seems to work out of the box...
seems that when upgrading from 6.3.2 to 6.4.3, user permission stop functioning for some reason.

can someone can direct me where to start looking where's the problem?

thx