Hi ,
How could i manage kibana when multiple user's are there, like i am the admin user and i should get full access to kibana, like wise there will another user which is Normal user he should have limited access in kibana like only he can see visulaizations and dashboards in kibana(read-only access) . how could i accomplish this . Please help me
.
Hi @RamyaGowda
You would need x-pack to be installed for this. Once you install it , the security plugin enables you to have fine grained role based access control to cater to the use case you have described.
https://www.elastic.co/guide/en/x-pack/current/setting-up-authentication.html
https://www.elastic.co/products/x-pack/security
Try it, it comes with a 30 day trial license on fresh install.
Cheers
Rashmi
Hi @rashmi,
I installed x-pack and and i have admin role , and i have created one normal user
POST /_xpack/security/user/vinayak
{
"password" : "vini@123",
"roles" : [ "other_role1" ],
"full_name" : "Vinayak Choubey",
"email" : "vinayak@gmail.com",
"metadata" : {
"intelligence" : 7
},
"enabled": true
}
i am not abel to access any of the things,when i logged in with above user credentials ,and i am getting bellow error
Config: Error 403 Forbidden: action [indices:data/write/update] is unauthorized for user [vinayak]: [security_exception] action [indices:data/write/update] is unauthorized for user [vinayak]
Can you please share what roles does this user have here? We can figure out further what's wrong then. If he doesn't have enough permissions and roles assigned to him, he would get the error you have mentioned.
Thanks
Rashmi
Hi @rashmi,
i have assigned the roles to users ,now they could access dashboard , but not dashboard data, means in ES this week data is there when normal user clicks on dashboard he is getting nothing empty container's
here is the attachment where you can see the user's and their roles
When i logged is as superuser i.e elastic dashboard data is visible ,
when i logged in as normal user , user is able to access the dashboard but no data
In both super user and normal user i selected same Time Range
You would have to give read and view_index_metadata to the user you created.
The kibana_user- Grants the minimum privileges required for any user of Kibana. This role grants access to the Kibana indices and grants monitoring privileges for the cluster. Its a reserved role.
Do you know that roles and users can be accessed via Management and role/user management can be easily handled there?
Hope this helps,
Thanks
Rashmi
Hi @rashmi
Please check the sreenshot read and view_index_metadata privileges are assigned to the user by default.
The problem is that you have only given the user permissions on the .kibana index. They must also have read permissions on any indicies that contain data they need access to. I recommend...
- creating a new role, e.g.
elb_ro - give this role read permissions to the the indicies where the data is located.
- add the
elb_rorole to any users that will be using these dashboards. NOTE: users can have multiple roles.
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.