In Kibana 4 and below, we have an Apache reverse proxy sitting in front and used the LocationMatch directives to restrict users to certain dashboards, etc.
e.g. user A had full control over visualisations / dashboards beginning with "TEST"
This worked because Kibana posted the name of the dashboard/visualisation as part of the URL parameters.
However in Kibana 5, the object names have been replaces with a unique ID and so it is not possible to pattern match the URL any more.
It's also confusing as the new URL is meaningless to a user.
Is there any way to make Kibana 5 behave in the same way it did before?
(PS I know x-pack provides native security but cost is an issue)