Per dashboard user access?

Hi,

I want to try and push management to move to Elastic cloud (again) so we can use the X-pack features but is it possible to set up fine grained access to dashboards on a user level? E.g. User A can access Dashboard A, B and C but user B can only access Dashboard C.

This is an absolute must for our use case. I don't believe this was possible the last time I tried X-pack (5.6) but maybe it's possible on 6.3?

Have you tried Kibana's dashboard-only mode feature? If X-Pack security is enabled, you can use the kibana_dashboard_only_user built-in role to limit what users see when they log in to Kibana.

Users assigned this role are only able to see the Dashboard app in the navigation pane. When users open a dashboard, they will have a limited visual experience. All edit and create controls are hidden.

For more documentation: https://www.elastic.co/guide/en/kibana/6.x/xpack-dashboard-only-mode.html

Cheers
Rashmi

On top of the dashboard-only mode you can control the data shown to users based on their role. However, currently everybody on the same Kibana instance shares all the dashboards. You could work around this with multiple Kibana instances (group X logs into one Kibana instance with the dashboards A, B, C; group Y logs into another Kibana instance with dashboard C), but this is currently not supported by cloud; you'd need to run the second, third,... Kibana instances yourself.

But what you are describing is exactly what we are currently building as "Spaces". See https://github.com/elastic/kibana/issues/18948 for a detailed description and mockups. It's under active development, but (as always) we can't commit to a specific release version or date 🙂

That looks very interesting. Is there a rough ETA on a release?

However, looking at that screenshot a user will still have to choose his/her space and after that there will be authentication? For my use case the authentication would need to come first and only then show available spaces to avoid any data (even if it's just a space name or dashboard name) leaking out, as we want to give outsiders access to our data.

For now I might get away with using iframes. It will create an ugly double login situation (one for xpack, one for the initial landing page outside of elastic) and if you look at the page source you can still easily access kibana and show all available dashboards, but if we use different indices at least they shouldn't be able to view any of the data. Downside is that managing all the different visualizations and dashboards for each customer will be a PITA.
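Added example (not from any poster in this thread and not Elastic's code): a small audit of the separate-indices approach discussed above, checking that each outside user's roles can only read that customer's own indices. The role bodies follow the shape of the X-Pack role API (`indices[].names` / `indices[].privileges`); the role names, user names, the `tenant` field, the index naming scheme and the sample data are all constructed assumptions.

```python
from fnmatch import fnmatchcase

READ_PRIVILEGES = {"read", "all"}

# Constructed sample roles, shaped like the body of PUT /_xpack/security/role/<name>.
ROLES = {
    "customer_a_read": {"indices": [{"names": ["logs-customer-a-*"], "privileges": ["read"]}]},
    "customer_b_read": {"indices": [{"names": ["logs-customer-b-*"], "privileges": ["read"]}]},
    # Deliberately too broad, to show what the audit flags.
    "customer_c_read": {"indices": [{"names": ["logs-*"], "privileges": ["read"]}]},
}

# Constructed sample users: the built-in dashboard-only role plus one data role each.
# "tenant" is a hypothetical bookkeeping field, not an X-Pack user attribute.
USERS = {
    "alice": {"tenant": "customer-a", "roles": ["kibana_dashboard_only_user", "customer_a_read"]},
    "bob": {"tenant": "customer-b", "roles": ["kibana_dashboard_only_user", "customer_b_read"]},
    "carol": {"tenant": "customer-c", "roles": ["kibana_dashboard_only_user", "customer_c_read"]},
}

# Constructed sample index names; assumed scheme is logs-<tenant>-<date>.
INDICES = ["logs-customer-a-2018.07", "logs-customer-b-2018.07", "logs-customer-c-2018.07"]


def readable(role_names, roles, indices):
    """Return the set of indices the given roles can read.

    Roles not defined in `roles` (such as the built-in dashboard-only role)
    are treated as granting nothing on these indices. Only '*' wildcards are
    assumed in the patterns.
    """
    hits = set()
    for name in role_names:
        for grant in roles.get(name, {}).get("indices", []):
            if READ_PRIVILEGES & set(grant["privileges"]):
                hits.update(i for i in indices
                            if any(fnmatchcase(i, p) for p in grant["names"]))
    return hits


def cross_tenant_reads(users, roles, indices):
    """List (user, index) pairs where a user can read another tenant's index."""
    findings = []
    for user, info in sorted(users.items()):
        own_prefix = "logs-%s-" % info["tenant"]
        for index in sorted(readable(info["roles"], roles, indices)):
            if not index.startswith(own_prefix):
                findings.append((user, index))
    return findings


if __name__ == "__main__":
    for user, index in cross_tenant_reads(USERS, ROLES, INDICES):
        print("%s can read %s" % (user, index))
```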

Is there a rough ETA on a release?

Sorry — like I said, we don't publish release dates or ETAs. Estimates in software development are hard and we don't rush releases. There are often good reasons why something might take longer than we have originally anticipated.

However, looking at that screenshot a user will still have to choose his/her space and after that there will be authentication?

Spaces will tie into the security concept. The issue also states: "Spaces will be available in x-pack basic as an organization feature, and will be securable once Security is enabled." My understanding is that in this mockup security isn't enabled. I think https://github.com/elastic/kibana/pull/21049 can give an impression of the planned management of Space permissions.

Thanks. That does look like what I need.

I understand you don't publish ETAs but at the same time, I, as a customer, need an ETA. Proper user access control is the only thing missing (well, that and a map option that allows you to draw a line between points) from Kibana that prevents us from using it as a portal for access outside our own team. Even a very rough ETA will help me sell Elastic cloud/xpack to management but without an ETA there isn't much I can do.
