Limiting role to a space removes search access?

fwalling · June 27, 2024, 4:49pm

I've installed elastic and kibana 8.14.1 on Linux via the tar.gz method. I started both without any parameters, and used the enrollment token to connect them. I logged in to kibana using the generated elastic user and password.

I created a new space with everything enabled, including "Search". I created a new role that gives read access to all kibana features. I created a new user that only has that single role.

Logging in with the new user shows a home page without the normal "Search" button. If I change the user's role's kibana permissions to "all" for just the new space, I see the same thing (no "Search" button). I only see the Search button for the user if I set the user's role's kibana permissions to "all" for "All Spaces" and not just the single space. Even if I set the permissions to "read" for "All Spaces", the "Search" button disappears.

How can I set up spaces, roles, and users so that a user only has access to one of the spaces, but can still see "Search"? Or even a user that doesn't have All kibana access to All spaces, but can still see search? Is this possible?

fwalling · June 28, 2024, 6:35pm

Here's a screenshot of what I'm talking about:

leandrojmp · June 29, 2024, 2:47pm

This can be a little confusing and the documentation does not help.

This Search part you see is related to the Enterprise Search, which is a different tool that you need to install as well, it is not the search functionality in normal indices.

So, if you are not using Enterprise Search, then you can ignore it as it will have no impact in normal searchs.

I never used Enterprise Search, but you can read more about it here.

I also couldn't find any documentation that would explain what gives permission to this app, but if you click on the Search button you will see that the your url will change to something like this: https://your-host:5601/app/enterprise_search/overview.

Maybe someone from Elastic can provide more insight about this.

fwalling · July 1, 2024, 3:44pm

If I set up the role to be one without the "Search" button and I try to go straight to that URL with the user, I see this:

Topic		Replies	Views
How to limit visibility of spaces Kibana	6	1959	October 21, 2019
Hide space for user Elasticsearch	5	527	July 30, 2020
Grant permission to space is not effect Kibana	3	988	July 4, 2019
Setting privileges to spaces, privileges not working on default space Kibana elastic-stack-security	9	619	July 26, 2019
Kibana_dashboard_only_user and Spaces Security issue Kibana elastic-stack-security	4	641	December 27, 2018

Limiting role to a space removes search access?

Related topics