Shield drawback, Please correct me if I am wrong

security

(Vikas Gopal) #1

Hi Shield Experts

I have created 2 users, admin and abc, and assigned roles to these users. Admin can access all the indices, but user abc can only access one index. Now the admin user has created a dashboard which has many visualizations from different indices.

Problem

Since the abc user is restricted to only one index, he won't be able to see the data in the dashboard created by admin. But abc can see the code behind and dashboard, plus he can see the name of the dashboard or some other stuff too. I am aware why this is happening: both users have read access to the .kibana index, which stores all the visualizations and dashboards.

Question

Can we design or assign a separate .kibana index per customer/user? With this approach I can restrict the user completely. So my goal is that the abc user should not see the dashboard created by admin.

Thanks
VG


(Christian Dahlqvist) #2

You can specify the name of the index Kibana uses in the kibana.yml file. If you create two separate Kibana instances, on different URL/ports, you can have different Kibana indices for different users/teams. This workaround tends to work well as long as the number of users/teams is reasonably small.


(Vikas Gopal) #3

So, please let me know if I understand it correctly. Under the kibana.yml file I can specify multiple Kibana_index which I further assign to the users/team? And what about LDAP integration? Does it work with LDAP?


(Christian Dahlqvist) #4

You can specify a single index for Kibana to use per kibana.yml file, which is why you will need a separate configuration file per team and the URL needs to be different. When you start Kibana, you can specify the configuration file to use using the '-c' parameter. You can then provide privileges to these Kibana indices to different users through Shield, which provides the integration with LDAP.
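
The setup described in the replies above, sketched as an added example that is not part of the original thread: one kibana.yml per instance, each with its own Kibana index and port, plus Shield roles that grant each user access only to its own Kibana index. Assumptions: the setting names `kibana.index` and `server.port` are those of Kibana 4.2 and later, the role syntax is that of Shield 2.x roles.yml (older releases use different key names), and all file names, ports, role names and index names are hypothetical.

```yaml
# File 1: config/kibana-admin.yml (hypothetical path)
# Started with: bin/kibana -c config/kibana-admin.yml
server.port: 5601
kibana.index: ".kibana-admin"   # dashboards saved by admin live here
---
# File 2: config/kibana-abc.yml (hypothetical path)
# Started with: bin/kibana -c config/kibana-abc.yml
server.port: 5602
kibana.index: ".kibana-abc"     # dashboards saved by abc live here
---
# File 3: Shield roles.yml (Shield 2.x syntax assumed)
# Role for user abc: read access to its single data index and
# full use of its own Kibana index. Nothing is granted on
# .kibana-admin, so admin's saved dashboards, visualizations and
# their names are not readable by abc.
abc_kibana_user:
  indices:
    - names: 'abc-logs-*'        # constructed data index pattern
      privileges:
        - view_index_metadata
        - read
    - names: '.kibana-abc'
      privileges:
        - manage
        - read
        - index

# Role for admin: all indices, including both Kibana indices.
admin_kibana_user:
  cluster:
    - all
  indices:
    - names: '*'
      privileges:
        - all
```

A wildcard such as `.kibana*` in the abc role would match `.kibana-admin` as well and reintroduce the shared read access described in the first post, so the per-team role names its Kibana index exactly.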

