Profiling access to Uptime

Elastic Observability Synthetics
1

Hello,
is it possible within Kibana 7.10.2, to differentiate what users see and what they can do in the Uptime module?
For example, if I configure a ping for site A and site B, I'd like user A to see only site A in Uptime, and user B to see only site B.
Thanks

2

Hi @dantonag, yes you can configure Uptime to do this in 7.10. There are a few steps to achieve what you're asking.

  1. Configure Heartbeat(s) to write to different indices for your different groups
  2. Set up a space for each group of users
  3. Create roles for each group of users

Configure your heartbeat(s) to write to the index you want your "User A" to see, heartbeat-A, etc.

You can set up spaces in Kibana. For each group of users you want to use Uptime, you can configure a new space; so "user A" will get access to "Space A". As a user with write access for Uptime, you can configure which index Uptime will look for in the given space from the settings page:

spaces
spaces2700×1814 325 KB

Lastly, create a role to assign to "User A". This role should have read access to the index you used for "Space A" (i.e. heartbeat-A), and read-only access to the Uptime app under Kibana privileges:

image
image2378×238 12.3 KB

image
image1476×1476 187 KB

NOTE: be careful that the indices you grant for are unique to the names you use for each group. If you grant a role access to heartbeat*, and you use heartbeat-A and heartbeat-B for your index names, the role with have access to both indices. The permissions must correlate to the pattern you intend for each role.

Add your new role to "User A" (find them under Stack Management/Security/Users) and now, when they navigate to Uptime they will only see the contents of your heartbeat-A index. If you configured them as Read access, they can see the settings but not modify them:

image
image1690×558 46.9 KB

Reply back should you have any follow-up questions, we're here to help.

EDIT - I added a section to underline the importance of paying extra attention to index names when granting permissions to roles.

2 Likes
3

@dantonag as a note, this will separate the monitors in the UI, but you'll need to set index level permissions to fully ensure that users can't read indexes they aren't supposed to have access to.

4

This topic was automatically closed 24 days after the last reply. New replies are no longer allowed.