Hi all, and thx a lot for those wonderful ELK tools.
I'm trying to configure a limited-access user, able to only create visualizations for a given space, limited to a specific index, with ELK 7.6.0. User shall not be able to change data itself nor Kibana config, just use it to produce visualization, dashboards and discover data.
index : 'lolo' space 'lolo' : show only discover, visualize, dashboard features role 'lolo_role' : index privileges : index : 'lolo' => read, view_index_metadata index: '.kibana*' => read, view_index_metadata space privileges : space 'lolo': 'all' to discover,visualize,dashboard, none otherwise user 'Laurent' : Roles : 'lolo_role', 'kibana_user'
This user has still access to the 'Management/Kibana/Spaces' menu and is free to do whatever he wants there (create/delete spaces), while I was expecting this menu to be disabled or hidden in such case.
Same config but when removing the 'kibana_user' from user roles, works fine for discover, except that I get 2 error messages when consulting data :
-> `Unable to update UI setting : Request failed with status code: 403` -> `Error fetching fields for index pattern lolo : Forbidden'`
but it can still show index contents however.
Is there anything I misunderstand, some additional access rights I shall assign to the .kibana indices for my role ?
Moreover, 'kibana_user' is marked has being deprecated in documentation :
Using 'kibana_admin' leads to same effect, which then make me think that there might be a 'read-only' user and/or 'use -but-don't-admin' user missing in kibana documentation ?