How to configure SG-2 to have a role that has RO access to the Kibana index

Hi,
Need help. I can’t get my use case to work. I am not able to prevent normal users from saving Visualizations, Charts, and Searches.

Environment:

  • ES 2.4.6
  • Kibana 4.6.6
  • SG 2 2.4.6.14
  • SG SSL 2.4.6.21
  • SG Kibana 4.6.0-2

Use case:

  1. sg_admin: full access to Kibana and all indexes
  2. sg_power_user: full access to all user indexes, Read access to Kibana index
  3. sg_user: Read access to all indexes

Configuration:

  • sg_roles.yml

sg_admin:
  cluster:
    - CLUSTER_ALL
  indices:
    '*':
      '*':
        - ALL

sg_power_user:
  indices:
    'logstash*':
      '*':
        - ALL
    '?kibana':
      '*':
        - READ

sg_user:
  indices:
    '*':
      '*':
        - READ

  • sg_roles_mapping.yml

sg_admin:
  users:
    - admin

sg_power_user:
  users:
    - manager

sg_user:
  users:
    - '*'

What is the problem you experience with the below setup? Are your power users able to write to the kibana index anyway, or what else is wrong?

On 08.09.2017 at 11:46, Garry Song <garrys0ng88@gmail.com> wrote:

Hi,
Need help. I can't get my use case to work. I am not able to prevent normal users from saving Visualizations, Charts, and Searches.
Environment:
  • ES 2.4.6
  • Kibana 4.6.6
  • SG 2 2.4.6.14
  • SG SSL 2.4.6.21
  • SG Kibana 4.6.0-2
Use case:
  • sg_admin: full access to Kibana and all indexes
  • sg_power_user: full access to all user indexes, Read access to Kibana index
  • sg_user: Read access to all indexes
Configuration:
  • sg_roles.yml
sg_admin:
  cluster:
    - CLUSTER_ALL
  indices:
    '*':
      '*':
        - ALL

sg_power_user:
  indices:
    'logstash*':
      '*':
        - ALL
    '?kibana':
      '*':
        - READ

sg_user:
  indices:
    '*':
      '*':
        - READ

  • sg_roles_mapping.yml

sg_admin:
  users:
    - admin
    
sg_power_user:
  users:
    - manager

sg_user:
  users:
    - '*'


Hi,

I just found out my problem.

I configured elasticsearch.username: "admin" in kibana.yml.

This user has full access to the .kibana index. So, even if I log in to Kibana as “manager”, I actually inherited admin’s full access rights to .kibana.

I have configured kibana.yml with “manager”, and I now only have READ access to .kibana.

After that, my problem is solved. When I log in as “admin”, I have full access. If I log in as “manager” or another user, I have READ access only.

Rgds


On Friday, September 8, 2017 at 7:37:45 PM UTC+8, Search Guard wrote:

What is the problem you experience with the below setup? Are your power users able to write to the kibana index anyway, or what else is wrong?

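An added example, not part of the original posts and not Search Guard's own code: a small Python check of which permissions the account named in kibana.yml's elasticsearch.username resolves to on .kibana, using the roles and mappings posted in this thread. It assumes that permissions from all matching roles add up and that '*' and '?' behave like shell globs; the function names are hypothetical.

```python
import fnmatch

# Constructed from the sg_roles.yml and sg_roles_mapping.yml posted in this thread.
SG_ROLES = {
    "sg_admin": {"indices": {"*": {"*": ["ALL"]}}},
    "sg_power_user": {"indices": {"logstash*": {"*": ["ALL"]},
                                  "?kibana": {"*": ["READ"]}}},
    "sg_user": {"indices": {"*": {"*": ["READ"]}}},
}
SG_ROLES_MAPPING = {
    "sg_admin": {"users": ["admin"]},
    "sg_power_user": {"users": ["manager"]},
    "sg_user": {"users": ["*"]},
}
# Assumption: anything other than READ is treated as write-capable (conservative).
READ_ONLY = {"READ"}


def roles_for(user):
    """Roles whose 'users' list matches the name; '*' and '?' act as wildcards."""
    return sorted(role for role, m in SG_ROLES_MAPPING.items()
                  if any(fnmatch.fnmatchcase(user, p) for p in m.get("users", [])))


def index_permissions(user, index):
    """Union of the permissions all of the user's roles grant on one index."""
    perms = set()
    for role in roles_for(user):
        for pattern, types in SG_ROLES[role].get("indices", {}).items():
            if fnmatch.fnmatchcase(index, pattern):
                for actions in types.values():
                    perms.update(actions)
    return perms


def audit_kibana_server_user(kibana_user, index=".kibana"):
    """Report whether the kibana.yml elasticsearch.username can write to the index."""
    perms = index_permissions(kibana_user, index)
    return {"user": kibana_user, "roles": roles_for(kibana_user),
            "permissions": sorted(perms), "can_write": bool(perms - READ_ONLY)}


if __name__ == "__main__":
    for name in ("admin", "manager"):  # the two values tried in the thread
        print(audit_kibana_server_user(name))
```

Running the audit against the value in kibana.yml before rollout shows whether the service account itself can write to .kibana, independent of who logs in.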