User role to just manage the users in Kibana/x-pack security

I would like to create a user whose role has the privilege to only manage the user list or access User Management in Kibana.

Could someone please advice me if there is a particular privilege that i need to choose while creating such a role ?

Thanks!

Sounds like you are wanting "feature controls", which will be available in 7.2.

Thanks, indeed the "feature control" could take care of what I mentioned. I just hope the "Security" is designated as a stand alone feature in the list. Eagerly waiting to test the final version.

I've tried the "feature control" on v7.2 and I'm able to restrict a role to a space and disable all the features except the "Advanced Settings". Unfortunately such a role would allow the user to access the ILM, index management, etc.. too (which I want to avoid). Objective is to let the user/role to just have the ability to manage the Security aspects.

Could someone please guide me to the index where the user & role information is stored in ElasticSearch. I could then ring fence a role to that particular index with just read and write permissions.

Would welcome other approaches too. Thanks!

Was able to achieve this by the following settings:

  • Create a Space with all the features disabled
  • Assign a role with access to the above Space
  • Assign a user to the above role with Cluster Privilege = manage_security

With the above settings, a user will have only access to editing the Security settings