Rolebased access for dashboards in kibana

Hey Guys,

We have a scenario to setup kibana dashboards for whole IT Infrastructure which includes
wintel, linux, network and application dashboards

(dashboards will be like performances of servers, network devices and applications)

Now we need to give access to users which should be like
=>NOC user will have access to all dashboards
=>Wintel administrator will have access to only wintel dashboards
=>Linux administrator will have access to only linux dashboards
=>Network administrator will have access to only network dashboards

I have tried my level best to achieve this through spaces, but the problem is i'm not able to use one dashboard in two spaces (e.g: Noc user will have wintel performance data as well, so i can use the same dashboard for wintel administrator instead of creating new)

Is there a way to achieve to this scenario? Is this doable using kibana?
I'm using elasticsearch 7.2.0

Please provide your advice.

Thanks
Gautham

Hey Guys,

Any advice on the above mentioned questions??

Thanks
Gautham...

Hi @Gauti,

My first thought was to create 3 spaces (one for wintel dashboards, one for linux and one for network), then create 4 different roles:

  • wintel - gives access only to wintel space
  • linux - gives access only to linux space
  • network - gives access only to network space
  • noc - gives access to all three spaces.

Wouldn't that work for you?

but the problem is i'm not able to use one dashboard in two spaces

Yeah, there is no way currently to have the same dashboard in multiple spaces. The only way to imitate that is to export dashboard from one space and import it to another one. But I'm not 100% sure you really need this.

Best,
Oleg

Hi @azasypkin Your idea looks great, may be i can use this solution if i am hosting for single customer.

My scenario here is i'm trying to utilize kibana as a multitenant way. I have created spaces to differentiate customers,
correct me if i'm wrong, i'll have a space for customer and again spaces for different towers(wintel,linux,network & noc) in that case i'll end up creating a lot of spaces

moreover can we assign two spaces for a role?

Thanks
Gauti

Yeah, that's not unusual solution, there are people who create hundreds of spaces for that purpose (manually or using the API). But it's really hard to say how you can optimize it without full understanding of your data/security model, like which user groups should get access to which indices, which permissions should they get, what the difference between customer groups, etc. I'd encourage you to play with different options and see how well they fit.

Having said that we're actively investigating the ways we can improve that experience and make it easier to model different use cases with spaces. Feel free to leave your feedback on any of the Space-related enhancements we're discussing right now.

Yes, definitely, you can add multiple "Space privileges" to a single role. See screenshots from the role management page (7.2.0):

Screenshot%20from%202019-07-17%2008-40-34 Screenshot%20from%202019-07-17%2008-40-46

Best,
Oleg

1 Like

Thanks @azasypkin will go head with this approach as of now.

Thanks
Gauti