Hi,
We want to create a restricted space to certain users who can only have certain read permissions. To do this we are doing the following:
-
From the elastic user, we create the new space "users" with the apps limitations (Discover, D
ashboards and Management). -
With the elastic user, we create the role "basic_user_role", with only "read" and "view_index_metada" privileges for the indexes that meet the regex "index-*" and in kibana privileges we define that only has access to the users space and can only view Discover and Dashboard with read permissions, in this case Management is not enabled.
-
With the elastic user and the role already created, we register the user "basic_user" with the basic_user_role that we create previously.
The expected behavior differs from our local testes. In our local, when we login with "basic_user", we just have access to the "Users" space, where only Discover and Dashboard are seen with read privileges and Management Stack-Management is not shown.
On the other hand, in the integration cluster, when we login with "basic_user", we sees with edit privileges both Discover and Dashboard as free access to Stack Management and olso have access to the Default space.
The tests performed were on both 7.14.2, 7.15.2 and 7.16.2, Windows, Linux and Docker versions.
The integration cluster is in a kubernetes container, created from a custom image.
We suspect that it is due to the custom-image with which Elasticsearch is created, because if we pointing with a kibana from our local and unmodified we get the same problems.
Best regards