How to configure SG-2 to have a role that have RO access to the Kibana index

unread,

Sep 8, 2017, 5:46:12 AM9/8/17

to Search Guard Community Forum

Hi,

Need help. I can't get my use case to work. I am not able to disallow normal user to save Visualization, Chart, and Searches.

Environment:

Use case:

Configuration:

sg_admin:
cluster:
- CLUSTER_ALL
indices:
'*':
'*':
- ALL

sg_power_user:
indices:
'logstash*':
'*':
- ALL
'?kibana':
'*':
- READ

sg_user:
indices:
'*':
'*':
- READ

sg_admin:
users:
- admin

sg_power_user:
users:
- manager

sg_user:
users:
- '*'

unread,

Sep 8, 2017, 7:37:45 AM9/8/17

to search...@googlegroups.com

What is the problem you experience with the below setup? Are your power users to write anyway to the kibana index or what else is wrong?

> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/1c500a83-2392-4075-9fce-41e8552bef93%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

unread,

Sep 12, 2017, 4:56:56 AM9/12/17

to Search Guard Community Forum

Hi,

I just found out my problem.

I configured elasticsearch.username: "admin" in kibana.yml.

This user has full access to .kibana index. So, even if I log in Kibana as "manager", I actually inherited admin's full access rights to .kibana.

I have configured kibana.yml with "manager", I now only have READ access to .kibana.

After that, I'm problem is solved. When I log in as "admin", I have full access. If I log in as "manager" or other user, I have READ access only.

Rgds

Reply all

Reply to author

Forward