Why can kibana_dashboard_only_user hide navigation menu items but a custom role cannot?

Sjaak01 · October 11, 2018, 3:12am

Hi

I've been breaking my head over this for two days and I just can't figure it out.

For whatever reason the kibana_dashboard_only user role can hides all navigation menus except for the dashboard button (good).

If I recreate the exact same role (except for the _reserved part as it seems hard coded) all the menu items show up (bad).

Why? I absolutely fail to see why having the EXACT SAME SETTINGS doesn't give the same result. It makes zero sense and is extremely frustrating.

kibana_dashboard_only

  "kibana_dashboard_only_user": {
    "cluster": [],
    "indices": [
      {
        "names": [
          ".kibana*"
        ],
        "privileges": [
          "read",
          "view_index_metadata"
        ]
      }
    ],
    "applications": [
      {
        "application": "kibana-.kibana",
        "privileges": [
          "read"
        ],
        "resources": [
          "*"
        ]
      }
    ],
    "run_as": [],
    "metadata": {
      "_reserved": true
    },
    "transient_metadata": {
      "enabled": true
    }

My custom dashboard only user

  "kibana_dashboard_test": {
    "cluster": [],
    "indices": [
      {
        "names": [
          ".kibana2*"
        ],
        "privileges": [
          "read",
          "view_index_metadata"
        ]
      }
    ],
    "applications": [
      {
        "application": "kibana-.kibana2",
        "privileges": [
          "read"
        ],
        "resources": [
          "*"
        ]
      }
    ],
    "run_as": [],
    "metadata": {},
    "transient_metadata": {
      "enabled": true
    }

kibana.yml

elasticsearch.url: "https://elasticcloud:9243"
kibana.index: ".kibana2"
xpack.security.enabled: true
elasticsearch.username: "user"
elasticsearch.password: "password"

Albert_Zaharovits · October 11, 2018, 7:58am

Hi @Sjaak01,

No reason to get frustrated over this!
You are indeed right, the role is hardcoded on the Kibana side. That is, the user it's shown only the dashboard if it has the "kibana_dashboard_only" role.
Kibana is moving away from this implementation with the adoption of Kibana Spaces (coming soon), implemented with the applications privileges which you can see on the role you have pasted.

What is the reason you wish to have another role similar to "kibana_dashboard_only"?

Sjaak01 · October 11, 2018, 8:28am

I'm sorry, its been a long couple of days and this is kind of the last piece of the puzzle I need to figure out so I was getting worked up over it.

The reason I want a second dashboard only user is multi tenancy and hiding dashboards from different users.

But as you said I am very much looking forward to spaces because if it works the way I hope it does, there is no need for my current work around with multiple Kibana instances.

Can you give a hint as to how soon soon is?

TimV · October 11, 2018, 1:28pm

It is possible to configure Kibana to treat your custom role as a "dashboard only" role.

The docs for this are here:

https://www.elastic.co/guide/en/kibana/6.4/advanced-dashboard-mode-configuration.html

system · November 8, 2018, 1:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.