Only access to Management Kibana: Spaces, Users and Roles

Hi community, for certain Users I would like to know how to configure Kibana management in such a manner that these Users only have acces in Kibana Management to:

  • Spaces: to create and modify
  • Users: to create and modify
  • Roles: to Clone and modify an existing Role
  • Saved Objects to Export to Spaces and to Export, for migration to another Elasticcloud

I don't want these users to have access in Kibana management to:

  • Everything under the header Elasticsearch
  • Index Patterns
  • Alerts and Actions
  • Reporting
  • Advanced Settings
  • Logstash Pipelines
  • Beats Central Management
  • API Keys
  • Role Mappings
  • Machine Learning Jobs List

I could only find the role 'superuser', which has access to the items I would like, but this role has too much rights.

To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges. More documentation and how to create the roles and users is defined here
https://www.elastic.co/guide/en/kibana/current/xpack-security-authorization.html

hope it helps
Rashmi

Dear Rashmi, thank you for your answer. It is helpfull. However I am not quite there yet. I would like certain users to be able to create a new Space. The only role I can find is "superuser" who has this privilege, but i am reluctant to provide this superuser role to those users. Do you have another great suggestion for me?

Thank you for your reply. We will have to dig a little deeper into this. Am copying our security experts on this thread.
cc @Larry_Gregory @jportner

You can use the kibana_admin role instead. This is much more restricted than the superuser role. It doesn't give access to any Elasticsearch indices, but it does give access to everything in Kibana, which might not be desirable.

There is an open issue related to this: https://github.com/elastic/kibana/issues/51759
That enhancement will add a special "Space management" Feature in Kibana, so a more restricted role can be used to create and edit Spaces. You may want to subscribe to that issue for updates.

Hope that helps,
-Joe

Thank you Joe.
I have commeted on github issue.
With the kibana_admin role I am able to start, but a role in which I can manage the Management Authorization per item would be much appriciated. :wink:

@ErwinEnableU Great!

Until that enhancement is implemented, that's the most minimally-privileged role you can create that allows a user to create/modify Spaces.

Being that we have the open enhancement issue, would you consider this topic to be resolved?

Hi Joe,

Yes this issue is closed for now. I am looking forward to the solution that is being developed. Any thoughts about in which version I can expect the solution?

Unfortunately I can't comment on timelines, but it's good that you added a comment to the issue, as that helps us prioritize our backlog!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.