LDAP roles + Grating access to a subset of data (Kibana 4)

matt · June 5, 2015, 3:43pm

Hi there,

We have a server farm belongs to various enterprise groups. As part of the security meassures, we want to limit certain users from accessing some parts of the centralized data.

Current Setup:

Server Grp A  => Logstatsh appends server_grp:AAA => Central Elastic DB
Server Grp B  => Logstatsh appends server_grp:BBB => Central Elastic DB
....
....
Server Grp N  => Logstatsh appends server_grp:NNN => Central Elastic DB

LDAP User Groups:

UserGrp01 - Access to server_grp:AAA
UserGrp02 - Access to server_grp:BBB
UserGrp03 - Access to server_grp:AAA & BBB
UserGrp04 - Access to server_grp:BBB & NNN

Straight out of the box, can Shild be used to do this? Or do I have to write some wrapper module to do this.
As it is right now, any user who gets authenticated gets access to all available logs.

Any help is much appreciated. Thanks!

MT

Christian_Dahlqvist · June 5, 2015, 4:34pm

Shield can out of the box control access to both indices and aliases, as well as cluster level operations. If your data goes into different indices, you can control access directly by index by assigning appropriate roles. If your events all share an index, you can instead create filtered aliases as a layer on top of the indices and control access using these instead.

Best regards,

Christian

matt · June 5, 2015, 6:20pm

Thanks Christian,

Let me do some reading on that now. Thanks again for your help!

MT