I have created a custom read-only role for users from my company with the intention that they have read-only access to dashboards to consume the data.
I have created a custom role on the indices that they need access to and assigned the "read" privilege to those indices.
Additionally I have provisioned the role read access for Kibana Discover and dashboards on the production space only.
We are set up with SSO and the roles on AD are mapped correctly.
However, when I log in as a test user who is assigned this role I still have free rein to view all spaces, even delete and create those spaces. They're also able to access Enterprise Search, Observability, Security and Dev Tools etc. on all our spaces, components that were excluded from the one space I did give access to.
Everything looks to me like it is in order from both the AD and Elastic side but is there anything that I have missed?
Thanks for the response. Yeah very sure, have checked that out in Azure AD.
I saw the post below about enabling security in the elasticsearch.yml, because by default on basic tier licenses it's disabled. This would be more security features on the cluster though, I imagine. Would you know?
Yes, setting the security configuration xpack.security.enabled: true in elasticsearch.yml seems to be the first step for configuring security in Kibana.
Seems strange though that functionality provided from stack management wouldn't actually provide any security restrictions until the yml is edited. I find it hard to imagine we're the first users that have tripped up.
Update: I have found that by default the kibana_admin role is getting applied to all users by default. Does anyone know where this would be configured? Or how to overwrite?
Cheers for your response. You were absolutely right. We were missing a condition on the role mapping so it was catching every user from our AD realm.
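
The cause found at the end of the thread, as an added example that is not part of the original posts: a simplified Python evaluator for Elasticsearch role-mapping rules, showing how a mapping with only a realm condition hands `kibana_admin` to every SSO user, and how adding a group condition scopes it. The realm name `saml1`, the group names and the `dashboard_read_only` role name are assumptions; the users and mappings are constructed.

```python
from fnmatch import fnmatchcase

def matches(rule, user):
    """Simplified evaluator for role-mapping rules: field, all, any, except."""
    (op, arg), = rule.items()
    if op == "field":
        (name, expected), = arg.items()
        expected = expected if isinstance(expected, list) else [expected]
        actual = user.get(name)
        actual = actual if isinstance(actual, list) else [actual]
        # A field matches if any user value matches any expected value
        # (wildcards approximated with fnmatch).
        return any(isinstance(a, str) and fnmatchcase(a, e)
                   for a in actual for e in expected)
    if op == "all":
        return all(matches(r, user) for r in arg)
    if op == "any":
        return any(matches(r, user) for r in arg)
    if op == "except":
        return not matches(arg, user)
    raise ValueError(f"unknown rule type: {op}")

def effective_roles(mappings, user):
    """Roles are additive: the union of every enabled mapping whose rules match."""
    return sorted({role for m in mappings
                   if m.get("enabled", True) and matches(m["rules"], user)
                   for role in m["roles"]})

REALM = {"field": {"realm.name": "saml1"}}  # assumed realm name

# Constructed mappings, in the shape of a PUT /_security/role_mapping/<name> body.
BROAD_ADMIN = {"roles": ["kibana_admin"], "enabled": True, "rules": REALM}
SCOPED_ADMIN = {"roles": ["kibana_admin"], "enabled": True,
                "rules": {"all": [REALM, {"field": {"groups": "elastic-admins"}}]}}
READ_ONLY = {"roles": ["dashboard_read_only"], "enabled": True,
             "rules": {"all": [REALM, {"field": {"groups": "dashboard-viewers"}}]}}

# Constructed users, as the realm would present them after SSO.
viewer = {"username": "test.user", "realm.name": "saml1", "groups": ["dashboard-viewers"]}
admin = {"username": "ops.admin", "realm.name": "saml1", "groups": ["elastic-admins"]}

if __name__ == "__main__":
    for label, mappings in (("before", [BROAD_ADMIN, READ_ONLY]),
                            ("after", [SCOPED_ADMIN, READ_ONLY])):
        for user in (viewer, admin):
            print(label, user["username"], effective_roles(mappings, user))
```

Because roles from all matching mappings are combined, the read-only role never narrows access on its own; the broad mapping has to be fixed or removed.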