is it possible within Kibana 7.10.2, to differentiate what users see and what they can do in the Uptime module?
For example, if I configure a ping for site A and site B, I'd like user A to see only site A in Uptime, and user B to see only site B.
Hi @dantonag, yes you can configure Uptime to do this in 7.10. There are a few steps to achieve what you're asking.
- Configure Heartbeat(s) to write to different indices for your different groups
- Set up a space for each group of users
- Create roles for each group of users
Configure your heartbeat(s) to write to the index you want your "User A" to see,
You can set up spaces in Kibana. For each group of users you want to use Uptime, you can configure a new space; so "user A" will get access to "Space A". As a user with write access for Uptime, you can configure which index Uptime will look for in the given space from the settings page:
Lastly, create a role to assign to "User A". This role should have read access to the index you used for "Space A" (i.e.
heartbeat-A), and read-only access to the Uptime app under Kibana privileges:
NOTE: be careful that the indices you grant for are unique to the names you use for each group. If you grant a role access to heartbeat*, and you use heartbeat-A and heartbeat-B for your index names, the role with have access to both indices. The permissions must correlate to the pattern you intend for each role.
Add your new role to "User A" (find them under
Stack Management/Security/Users) and now, when they navigate to Uptime they will only see the contents of your
heartbeat-A index. If you configured them as
Read access, they can see the settings but not modify them:
Reply back should you have any follow-up questions, we're here to help.
EDIT - I added a section to underline the importance of paying extra attention to index names when granting permissions to roles.
@dantonag as a note, this will separate the monitors in the UI, but you'll need to set index level permissions to fully ensure that users can't read indexes they aren't supposed to have access to.
This topic was automatically closed 24 days after the last reply. New replies are no longer allowed.