This is not possible. Users and roles are managed by the SG Elasticsearch plugin. Thus, you can’t implement access restrictions in Kibana when you do not configure any roles in Search Guard.
The only thing that comes to my mind would be to enable anonymous auth. This can be enabled in sg_config.yml. If this is active, all requests that do not carry any credentials are mapped automatically to the sg_anonymous role. You could then give this role full access to the cluster. However, this is of course far from being a secure solution …
For HTTP it is possible to allow anonymous authentication. If that is the case then the HTTP authenticators try to
find user credentials in the HTTP request. If credentials are found then the user gets regularly authenticated.
If none can be found the user will be authenticated as an “anonymous” user. This user has always the username “sg_anonymous”
and one role named “sg_anonymous_backendrole”.
If you enable anonymous authentication all HTTP authenticators will not challenge.
On Thursday, August 9, 2018 at 5:58:29 PM UTC+2, Sven Bienert wrote:
since I have a lot of services and different things writing documents to Elasticsearch I cannot give any kind of access restriction directly to Elasticsearch. Elasticsearch is not accessible to third party people.
The only interface between customers and Elasticsearch is Kibana. That is why I only want to give different restrictions to users that are accessing Elasticsearch through Kibana.
How do you do that?