Managing roles for Kibana: field level security possible?

security

(Dimitrios Paspaltzis) #1

Dear ,

If I am not wrong, shield is in front of elasticsearch and a separate installation has to be done also in front of Kibana. In the 1st case it is clear that it is possible to assign roles for each user to access certain indices and certain fields in those indices. Regarding the Kibana shield plugin, do we have to redefine the same roles for each user again (if possible) or are these 2 plugins connected in the sense that if a user tries to access through Kibana some fields that he is not allowed to see according to his role defined in the elasticsearch shield, he will be blocked? There is an example in the Kibana shield part documentation for role definition which does not go deeper than the index level.

Is there an online platform provided by you where I can test some basic things regarding shield and present them to my management without having to do all the installations (ELK, shield) in a test server?

Thank you in advance.

Kind regards

Dimitrios


(Mark Walkom) #2

When you authenticate with KB, you are actually passing that through to ES to run. So you only need to define the roles etc in ES.

Take a look at https://www.elastic.co/cloud/


(Dimitrios Paspaltzis) #3

Thank you for your responses. Just to be 100% sure, can you comment on the following?

  1. If you have not installed shield in Kibana, but only in Elasticsearch, you connect without authentification to Kibana and when you run a query from Kibana, you are asked to provide your credentials in order to connect to Elasticsearch.
    The users and the roles are all defined in the shield plugin in Elasticsearch. The only reason to install shield also in Kibana is to have the authentication before you connect to Kibana.
  2. The example used for defining a role for Kibana is the following:

my_kibana_user:
cluster:
- monitor
indices:
- names: 'logstash-'
privileges:
- view_index_metadata
- read
- names: '.kibana
'
privileges:
- manage
- read
- index

Is there Field Level Security possible as it is for elasticsearch users? Can we define the fields of the indices where the Kibana user can have access like the following one for the fields "title", "body":

POST /_shield/role/my_fls_role
{
"indices": [
{
"names": [ "index1", "index2" ],
"privileges": ["read"],
"fields": [ "title", "body" ]
}
]
}

Thank you in advance.

Kind regards,

Dimitrios


(system) #4