X-pack kibana_user role conflicting with spaces permissions

security
reporting

(Sjaak) #1

Hi,

No idea where I should post this as the x-pack forum appears to be locked...

I got my users set up with spaces permissions so they can only view the spaces the have access to. Works fine. The problem is that these users are allowed to generate reports and we have a custom logo. But for the custom logo to show up in reports, a user MUST have access to the kibana_user role. But a user with access to kibana_user automatically can see all spaces on login...

Another issue is that even if a user has minimum rights, they can still do things such as access the advanced settings page.


(David Pilato) #2

That's the right place. Or it can be in #kibana. I'm moving your post there.

We now have tags where you can define which feature it is about. ie, I added security and reporting here.


(Larry Gregory) #3

Hey @Sjaak01,

I haven't heard of this limitation/issue yet. I'll try to reproduce this, and report back with my findings.

This is intentional for the 6.5 release of Spaces. We are working on expanding this functionality with Granular Application Privileges, which will allow you to control who can access specific features within Kibana. Feel free to follow the issue to track our progress and make suggestions!


(Larry Gregory) #4

Update: I've reproduced this, and filed an issue with the details and root cause: https://github.com/elastic/kibana/issues/26760

Thanks for the report @Sjaak01, we will work to prioritize a fix!


(Sjaak) #5

Thanks :slight_smile: