Managing kibana for multiple users


(Ramya) #1

Hi ,
How could i manage kibana when multiple user's are there, like i am the admin user and i should get full access to kibana, like wise there will another user which is Normal user he should have limited access in kibana like only he can see visulaizations and dashboards in kibana(read-only access) . how could i accomplish this . Please help me
.


(kulkarni) #2

Hi @RamyaGowda

You would need x-pack to be installed for this. Once you install it , the security plugin enables you to have fine grained role based access control to cater to the use case you have described.

https://www.elastic.co/guide/en/x-pack/current/setting-up-authentication.html

https://www.elastic.co/products/x-pack/security

Try it, it comes with a 30 day trial license on fresh install.

Cheers
Rashmi


(Ramya) #3

Hi @rashmi,

I installed x-pack and and i have admin role , and i have created one normal user

POST /_xpack/security/user/vinayak
{
"password" : "vini@123",
"roles" : [ "other_role1" ],
"full_name" : "Vinayak Choubey",
"email" : "vinayak@gmail.com",
"metadata" : {
"intelligence" : 7
},
"enabled": true
}

i am not abel to access any of the things,when i logged in with above user credentials ,and i am getting bellow error

Config: Error 403 Forbidden: action [indices:data/write/update] is unauthorized for user [vinayak]: [security_exception] action [indices:data/write/update] is unauthorized for user [vinayak]


(kulkarni) #4

Can you please share what roles does this user have here? We can figure out further what's wrong then. If he doesn't have enough permissions and roles assigned to him, he would get the error you have mentioned.

Thanks
Rashmi


(Ramya) #5

Hi @rashmi,
i have assigned the roles to users ,now they could access dashboard , but not dashboard data, means in ES this week data is there when normal user clicks on dashboard he is getting nothing empty container's

here is the attachment where you can see the user's and their roles

When i logged is as superuser i.e elastic dashboard data is visible ,

when i logged in as normal user , user is able to access the dashboard but no data

In both super user and normal user i selected same Time Range


(kulkarni) #6

You would have to give read and view_index_metadata to the user you created.
The kibana_user- Grants the minimum privileges required for any user of Kibana. This role grants access to the Kibana indices and grants monitoring privileges for the cluster. Its a reserved role.

Do you know that roles and users can be accessed via Management and role/user management can be easily handled there?

Hope this helps,

Thanks
Rashmi


(Ramya) #7

Hi @rashmi

Please check the sreenshot read and view_index_metadata privileges are assigned to the user by default.


(Robert Cowart) #8

The problem is that you have only given the user permissions on the .kibana index. They must also have read permissions on any indicies that contain data they need access to. I recommend...

  1. creating a new role, e.g. elb_ro
  2. give this role read permissions to the the indicies where the data is located.
  3. add the elb_ro role to any users that will be using these dashboards. NOTE: users can have multiple roles.

(Ramya) #9

@rcowart

Thank you so much for your reply it worked :slight_smile:


(system) #10

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.