Limiting role to a space removes search access?

Elastic Stack Kibana
1

I've installed elastic and kibana 8.14.1 on Linux via the tar.gz method. I started both without any parameters, and used the enrollment token to connect them. I logged in to kibana using the generated elastic user and password.

I created a new space with everything enabled, including "Search". I created a new role that gives read access to all kibana features. I created a new user that only has that single role.

Logging in with the new user shows a home page without the normal "Search" button. If I change the user's role's kibana permissions to "all" for just the new space, I see the same thing (no "Search" button). I only see the Search button for the user if I set the user's role's kibana permissions to "all" for "All Spaces" and not just the single space. Even if I set the permissions to "read" for "All Spaces", the "Search" button disappears.

How can I set up spaces, roles, and users so that a user only has access to one of the spaces, but can still see "Search"? Or even a user that doesn't have All kibana access to All spaces, but can still see search? Is this possible?

2

Here's a screenshot of what I'm talking about:

KibanaPerms
KibanaPerms1762×1884 270 KB

3

This can be a little confusing and the documentation does not help.

This Search part you see is related to the Enterprise Search, which is a different tool that you need to install as well, it is not the search functionality in normal indices.

So, if you are not using Enterprise Search, then you can ignore it as it will have no impact in normal searchs.

I never used Enterprise Search, but you can read more about it here.

I also couldn't find any documentation that would explain what gives permission to this app, but if you click on the Search button you will see that the your url will change to something like this: https://your-host:5601/app/enterprise_search/overview.

Maybe someone from Elastic can provide more insight about this.

1 Like
4

If I set up the role to be one without the "Search" button and I try to go straight to that URL with the user, I see this:
image