Secure access to dashboards

zeenon · October 31, 2017, 11:20am

We want to secure our dashboards and allow some users only to visualize dashboards: no modification, no save, no upgrade.
I understand that I have to create a dedicated role but it does not work:

{
  "cluster": ["monitor"],
  "indices": [
    {
      "names": [ ".kibana*" ],
      "privileges": ["read"]
    },
    {
      "names": [ ".reporting*" ],
      "privileges": ["all"]
    }
  ]
}

With this configuration of "read" to indice ".kibana", I have a blank page.
With "all" to indice ".kibana", I can modify and delete dashboards.
How to setup the profile ?
thanks for your tips,

a5a · October 31, 2017, 3:20pm

Hi zeenon,

This user also needs read access to the indices that are associated with those dashboards. Have you granted access to those indices that contain data for those dashboards?

Thanks,
Archana (a5a)

zeenon · October 31, 2017, 4:05pm

thanks for your answer. I have read access

{
  "cluster": ["monitor"],
  "indices": [
    {
      "names": [ "idx_zzit_wapi*", "aliaszzit_wapi*" ],
      "privileges": ["read"]
    }
  ]
}

a simple substitution of "read" by "all" for .kibana indice gives me all access but it is too much

a5a · October 31, 2017, 5:54pm

Hi zeenon,

Apologies, I see what you're doing now. You're a great candidate for our new feature in 6.0, dashboard-only mode, which allows you a first-class way to grant read-only access to kibana saved objects. Check it out here: https://www.elastic.co/blog/kibana-dashboard-only-mode

In your case, though, you can still do it, but it's not as pretty. It requires setting an additional privilege for this user on .kibana. So in addition to read, you also need view_index_metadata.

Now the way it works is, this user can still see the dashboard edit button and can attempt to add visualizations and change the dashboard options, but upon clicking save, the user will meet with "action [indices:data/write/index] is unauthorized for user [xyz]" and be unable to save the changes.

I hope that helps!

Archana (a5a)

cedric1 · November 2, 2017, 7:26pm

Thank you for answer Archana,

Could you please tell me if this new dashboard only mode will be available/usable even if we don't have XPack security installed?

a5a · November 3, 2017, 7:40pm

Hi cedric1~

It does require X-Pack Security. I'm looking into updating that blog post to be more informative about that. Could be misleading otherwise.

-Archana

system · December 1, 2017, 7:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Read Only Kibana Dashboard Kibana	2	4646	May 11, 2017
Making Dashboard read only Kibana	6	933	February 5, 2020
Dashboard access privileges Kibana	2	329	September 18, 2018
How Can I set USer Security to Only view a dashboard Kibana	7	3279	May 24, 2017
XPACK -Security Elasticsearch	8	757	May 3, 2017

Secure access to dashboards

Related topics