Role 'reporting_user' is deprecated. Please use Kibana feature privileges instead

latest version 7.16.3 (forever free edition)

management > users

How do I grant users reporting permissions without using the deprecated reporting_user in the forever free edition that does not support sub-feature privileges?

1 Like

Same question here... if I understand correctly, then they have made it a payable feature :pensive:

1 Like

I have looked at https://github.com/elastic/kibana/pull/94966 and also tried to include xpack.reporting.roles.enabled: false in the kibana.yml file. So far, without luck.

@tsullivan how does this relate to the forever free basic edition of the stack?

1 Like

Hi, the Basic Elastic license provides some, but not all, security features. One thing it does not provide is the ability to define a custom role that grants access Kibana Application features.

If you are on a Basic license, using the deprecated role is necessary to generate CSV reports, which are another Basic license feature.
EDIT BY JOE: this isn't true, see comment below.

Sorry about the confusion. I would welcome a writeup on an issue at https://github.com/elastic/kibana/issues/new

Security team member here!

@tomx1 @jsteenkamp sorry for the confusion, I think we need to improve our documentation and our role management UI.

Downloading CSV reports (from Discover or Dashboard) has always been part of the Basic license, and that isn't changing. When you use the new Reporting authorization (when you have configured xpack.reporting.roles.enabled: false), that means access to Reporting is now controlled by Kibana feature privileges instead of the separate reporting_user role.

To clarify: all you need to create CSV reports with Kibana feature privileges is to have "All" access to the Discover and/or Dashboard feature.

Sub-feature privileges, which are available with a Gold+ license, allow you to customize that level of access. For example, you may want to give users who have "Read" access the additional ability to create CSV reports. Or, you may want to prevent users with "All" access from creating CSV reports. With a Gold+ license, you just have more granular control.

The role management UI changes were originally geared more towards subscription users, but now that we have more sub-features that are available with the Basic license I think it makes sense to enhance that UI to show administrators exactly what users can access with a given feature. I opened an issue for the latter here: #125289

Hope that helps!

7 Likes

thank you! @jportner

Thanks a ton for the clarification, @jportner

1 Like

Cleared it up for me! Thank you!

I have added a section to our documentation to explain setting up user access for CSV reports, with a free basic license: Configure reporting in Kibana | Kibana Guide [7.16] | Elastic