Space Permission Trouble

(Tony Chirillo) #1

Hello all!

We are having some trouble with “space” permissions in Kibana. We want give different groups their own space, and only allow them to see and access their own space. We can’t seem to get the configuration correct. We end up with each team being able to access every other team’s space.

For example, a space is created for a team and the “Minimum privileges for all spaces” is set to none, and in the unique space the “Privilege” is set to all. From our understanding of manual, this should give all privileges to just that space and no other spaces. However, that is not the result that we get.

Anyone have thoughts on what we might be doing wrong?
Attached is an example of how our config looks.

Other facts:
The role mappings do not include the Kibana_User role nor permissions given to the Kibana index.

We are on version 6.7.1

-Tony

(Tony Chirillo) #2

Working through things we discovered we had another role setup that still had Kibana Rules tied to it. Removed it and things began to work as expected.

(Larry Gregory) #3

Hey @Tony_Chirillo,

Glad you sorted this out! If you want to disable that legacy behavior altogether, you can set xpack.security.authorization.legacyFallback: false in your kibana.yml configuration.

That way, users with direct access to the .kibana index will no longer have access to Kibana unless they are also granted specific Kibana privileges. It will not automatically grant them access to every space.

(system) closed #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.