We are using Shield (Security) and created some power user accounts. They have the following roles assigned:
kibana_user
monitoring_user
reporting_user
logstash_admin
read_all
Those are all built in roles from https://www.elastic.co/guide/en/x-pack/6.x/built-in-roles.html except for read_all, which gives them read on all indices. (It's their data, anyway; We separate clients by cluster.)
Things basically work fine, except for two small issues:
- They cannot use the Grok Debugger. We have xpack.grokdebugger.enabled (https://www.elastic.co/guide/en/kibana/current/dev-settings-kb.html), however, it worked for them only when we gave them superuser (which we had to take away again). I'm not sure why this isn't allowed for lesser beings. (It's not a blocker since they can still use online tools - but that's not what you built the grok debugger for, is it.)
- We cannot control who's allowed to use the console and who isn't per Shield user - only per Kibana instance (console.enabled, https://www.elastic.co/guide/en/kibana/current/settings.html), and we currrently have only one. It would be cool if this could be controlled by role. Again, it's not deadly.
Are there any plans to make the grok debugger accessible for non superuser? Or to control access to both grokk debugger and console via roles?