Restrict Kibana users to only see some APM service.environment in APM UI

Agzem · April 13, 2020, 2:52pm

Hi, I would like to ask if there is a way to config Kibana's APM UI to restrict users to only see some environment in ELK 6.8?
for example I have 3 APM indexes which are

*-apm-*
foo-bar-apm-*
jane-doe-apm-*

these indexes getting data from 2 Java Apm-Agent's environment configuration which are sending to the same APM server as below

service.environment : foo-bar
service.environment: jane-doe

I configured Kibana config as below for APM UI

apm_oss:
      indexPattern: "*-apm-*"
      errorIndices: "*-apm-*"
      onboardingIndices: "*-apm-*"
      spanIndices: "*-apm-*"
      transactionIndices: "*-apm-*"

now if I want user-A to only see data from foo-bar and user-B to only see data from jane-doe environment in APM UI is this possible

caue.marcondes · April 14, 2020, 10:06am

Hi @Agzem, how are you doing?

I believe you can achieve what you want by creating a new Role for each user and specifying the field Grant read privileges to specific documents, like the image below:

As you can see I created a new Role which grants read privileges to apm-* but only for production environment.

You can read more about it in the document-level-security page.

Agzem · April 16, 2020, 4:06pm

Hey @caue.marcondes, doing great, thanks

ah I see , I was searching in Kibana documents the whole time. thank you again, this is exactly what I was looking for.

system · May 7, 2020, 12:06pm

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.