What permissions/roles should I assign to create a read-only Kibana user?

One who can read all my indices, see all my visualisations and dashboards, but not be able to change any visualisations or dashboards?

The built-in kibana_user role doesn't do it, because that lets the user destroy things. But if I reduce the privileges on .kibana* to just "read" (and add "read" to indices "*" for access to the actual data) I just get a blank screen.

(Yes I know there are many similar such questions, but I can't find one that has an actual answer.)

1 Like

The one you seem to need is "view_index_metadata".

Although the user interface is very poor - it will let you put loads of effort into, say, editing a dashboard, and only tell you that you don't have permission at the point of trying to save.

The usual approach is to block off disallowed actions in the user interface as well as (obviously) rejecting them at the back end. It doesn't look to me like this feature has been finished yet?

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.