Only access to Management Kibana: Spaces, Users and Roles

ErwinEnableU · August 27, 2020, 12:28pm

Hi community, for certain Users I would like to know how to configure Kibana management in such a manner that these Users only have acces in Kibana Management to:

Spaces: to create and modify
Users: to create and modify
Roles: to Clone and modify an existing Role
Saved Objects to Export to Spaces and to Export, for migration to another Elasticcloud

I don't want these users to have access in Kibana management to:

Everything under the header Elasticsearch
Index Patterns
Alerts and Actions
Reporting
Advanced Settings
Logstash Pipelines
Beats Central Management
API Keys
Role Mappings
Machine Learning Jobs List

I could only find the role 'superuser', which has access to the items I would like, but this role has too much rights.

rashmi · August 28, 2020, 5:16am

To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges. More documentation and how to create the roles and users is defined here
https://www.elastic.co/guide/en/kibana/current/xpack-security-authorization.html

hope it helps
Rashmi

ErwinEnableU · September 4, 2020, 7:56am

Dear Rashmi, thank you for your answer. It is helpfull. However I am not quite there yet. I would like certain users to be able to create a new Space. The only role I can find is "superuser" who has this privilege, but i am reluctant to provide this superuser role to those users. Do you have another great suggestion for me?

rashmi · September 4, 2020, 4:55pm

Thank you for your reply. We will have to dig a little deeper into this. Am copying our security experts on this thread.
cc @Larry_Gregory @jportner

jportner · September 4, 2020, 5:15pm

You can use the kibana_admin role instead. This is much more restricted than the superuser role. It doesn't give access to any Elasticsearch indices, but it does give access to everything in Kibana, which might not be desirable.

There is an open issue related to this: Add "Space management" feature · Issue #51759 · elastic/kibana · GitHub
That enhancement will add a special "Space management" Feature in Kibana, so a more restricted role can be used to create and edit Spaces. You may want to subscribe to that issue for updates.

Hope that helps,
-Joe

ErwinEnableU · September 8, 2020, 7:33am

Thank you Joe.
I have commeted on github issue.
With the kibana_admin role I am able to start, but a role in which I can manage the Management Authorization per item would be much appriciated.

jportner · September 8, 2020, 1:51pm

@ErwinEnableU Great!

Until that enhancement is implemented, that's the most minimally-privileged role you can create that allows a user to create/modify Spaces.

Being that we have the open enhancement issue, would you consider this topic to be resolved?

ErwinEnableU · September 9, 2020, 6:21am

Hi Joe,

Yes this issue is closed for now. I am looking forward to the solution that is being developed. Any thoughts about in which version I can expect the solution?

jportner · September 9, 2020, 12:47pm

Unfortunately I can't comment on timelines, but it's good that you added a comment to the issue, as that helps us prioritize our backlog!

system · October 7, 2020, 12:47pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana spaces Kibana	8	396	February 19, 2019
Manage Users are Roles in Kibana w.r.t Spaces Kibana elastic-stack-security	2	326	September 23, 2019
User role to just manage the users in Kibana/x-pack security Kibana	5	341	August 27, 2019
Is there anything that i can do to hide the user and role details who donot belong to the space from the admin of that space? Kibana	2	337	June 22, 2020
Kibana 6.7.2 User & Space Management Kibana	5	698	July 4, 2019

Only access to Management Kibana: Spaces, Users and Roles

Related topics