Hi, I’m running ELK 6.32 Stack with SearchGuard 6.
I have a doubt regarding to read only modes in Kibana
-
Is it posiible to define read only dashboards in kibana?
-
Is it dependent of the multy tennancy feature?
Thank you
Regards
Ana
When asking questions, please provide the following information:
-
Search Guard and Elasticsearch version
-
Installed and used enterprise modules, if any
-
JVM version and operating system version
-
Search Guard configuration files
-
Elasticsearch log messages on debug level
-
Other installed Elasticsearch or Kibana plugins, if any
Hi,
it is possible to define read-only dashboards, but this is implemented via the multi-tenancy feature as you indicsted. With multi-tenancy, you can define multiple tenants per role, and then assign read/write or read-only permissions to these tenants.
Without multi-tenancy (Kibana default behavior), all saved objects end up in the same index without the possibility to separate them on a per-role basis or to assign permissions.
···
On Monday, August 20, 2018 at 3:19:15 AM UTC-5, anabella.cristaldi@gmail.com wrote:
Hi, I’m running ELK 6.32 Stack with SearchGuard 6.
I have a doubt regarding to read only modes in Kibana
- Is it posiible to define read only dashboards in kibana?
- Is it dependent of the multy tennancy feature?
Thank you
Regards
Ana
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
- Installed and used enterprise modules, if any
- JVM version and operating system version
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
Thank you for the response.
We are doing a POC in order to test the multitenancy feature. The goal is to present readonly dashboards to diferent clients.
For each client we want to
- Define a custom index
- Define a tenant
- Have a RW user that indexes the data in the custom index and create the visualizations and dashboard in the tenant
- Have a read only user over that tenant in order to provide read only access to that dashboards
I have enabled the multitenancy feature but i’m not able to define the tenants.
It is not clear for me in the doc
Any help will be appreciated
Regards
Ana
···
El lunes, 20 de agosto de 2018, 10:19:15 (UTC+2), anabella....@gmail.com escribió:
Hi, I’m running ELK 6.32 Stack with SearchGuard 6.
I have a doubt regarding to read only modes in Kibana
- Is it posiible to define read only dashboards in kibana?
- Is it dependent of the multy tennancy feature?
Thank you
Regards
Ana
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
- Installed and used enterprise modules, if any
- JVM version and operating system version
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
In order to create the tenant:
I go to roles, and add a tenant to that role. Once I’m loging with a user in this role I’m not able to see the new tenant (only Global and Private tenants)
Regards and thank you
Ana
···
El martes, 21 de agosto de 2018, 12:38:33 (UTC+2), anabella....@gmail.com escribió:
Thank you for the response.
We are doing a POC in order to test the multitenancy feature. The goal is to present readonly dashboards to diferent clients.
For each client we want to
- Define a custom index
- Define a tenant
- Have a RW user that indexes the data in the custom index and create the visualizations and dashboard in the tenant
- Have a read only user over that tenant in order to provide read only access to that dashboards
I have enabled the multitenancy feature but i’m not able to define the tenants.
It is not clear for me in the doc
Any help will be appreciated
Regards
Ana
El lunes, 20 de agosto de 2018, 10:19:15 (UTC+2), anabella....@gmail.com escribió:
Hi, I’m running ELK 6.32 Stack with SearchGuard 6.
I have a doubt regarding to read only modes in Kibana
- Is it posiible to define read only dashboards in kibana?
- Is it dependent of the multy tennancy feature?
Thank you
Regards
Ana
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
- Installed and used enterprise modules, if any
- JVM version and operating system version
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
Hi,
This is what I mean:
- Define the role with the asociated Tenants
GET /_searchguard/api/roles/sg_read_only
{“sg_read_only”:{“cluster”:[“READ”,“SEARCH”],“tenants”:{“T1”:“RW”,“T2”:“RO”},“indices”:{“logstash-*”:{“doc”:[“READ”,“SEARCH”]}}}}
- Define a user with that role
GET /_searchguard/api/internalusers/kibanaro
{“kibanaro”:{“password”:“”,“roles”:[“sg_read_only”],“hash”:“xxxxx”}}
And no tenants other than global and private are visible (see attachment)
What I’m doing wrong?
Thank you
Regards
Ana
···
El martes, 21 de agosto de 2018, 14:38:48 (UTC+2), anabella....@gmail.com escribió:
In order to create the tenant:
I go to roles, and add a tenant to that role. Once I’m loging with a user in this role I’m not able to see the new tenant (only Global and Private tenants)
Regards and thank you
Ana
El martes, 21 de agosto de 2018, 12:38:33 (UTC+2), anabella....@gmail.com escribió:
Thank you for the response.
We are doing a POC in order to test the multitenancy feature. The goal is to present readonly dashboards to diferent clients.
For each client we want to
- Define a custom index
- Define a tenant
- Have a RW user that indexes the data in the custom index and create the visualizations and dashboard in the tenant
- Have a read only user over that tenant in order to provide read only access to that dashboards
I have enabled the multitenancy feature but i’m not able to define the tenants.
It is not clear for me in the doc
Any help will be appreciated
Regards
Ana
El lunes, 20 de agosto de 2018, 10:19:15 (UTC+2), anabella....@gmail.com escribió:
Hi, I’m running ELK 6.32 Stack with SearchGuard 6.
I have a doubt regarding to read only modes in Kibana
- Is it posiible to define read only dashboards in kibana?
- Is it dependent of the multy tennancy feature?
Thank you
Regards
Ana
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
- Installed and used enterprise modules, if any
- JVM version and operating system version
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
This may be a stupid question, but have you updated the config via sgadmin after making the changes? If yes, can you post your role definition including the tenant here?
···
On Tuesday, August 21, 2018 at 7:38:48 AM UTC-5, anabella.cristaldi@gmail.com wrote:
In order to create the tenant:
I go to roles, and add a tenant to that role. Once I’m loging with a user in this role I’m not able to see the new tenant (only Global and Private tenants)
Regards and thank you
Ana
El martes, 21 de agosto de 2018, 12:38:33 (UTC+2), anabella....@gmail.com escribió:
Thank you for the response.
We are doing a POC in order to test the multitenancy feature. The goal is to present readonly dashboards to diferent clients.
For each client we want to
- Define a custom index
- Define a tenant
- Have a RW user that indexes the data in the custom index and create the visualizations and dashboard in the tenant
- Have a read only user over that tenant in order to provide read only access to that dashboards
I have enabled the multitenancy feature but i’m not able to define the tenants.
It is not clear for me in the doc
Any help will be appreciated
Regards
Ana
El lunes, 20 de agosto de 2018, 10:19:15 (UTC+2), anabella....@gmail.com escribió:
Hi, I’m running ELK 6.32 Stack with SearchGuard 6.
I have a doubt regarding to read only modes in Kibana
- Is it posiible to define read only dashboards in kibana?
- Is it dependent of the multy tennancy feature?
Thank you
Regards
Ana
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
- Installed and used enterprise modules, if any
- JVM version and operating system version
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
Hi, I realize that the role mapping was missing.
Thank you
Regards
Ana
···
El martes, 21 de agosto de 2018, 15:11:28 (UTC+2), anabella....@gmail.com escribió:
Hi,
This is what I mean:
- Define the role with the asociated Tenants
GET /_searchguard/api/roles/sg_read_only
{“sg_read_only”:{“cluster”:[“READ”,“SEARCH”],“tenants”:{“T1”:“RW”,“T2”:“RO”},“indices”:{“logstash-*”:{“doc”:[“READ”,“SEARCH”]}}}}
- Define a user with that role
GET /_searchguard/api/internalusers/kibanaro
{“kibanaro”:{“password”:“”,“roles”:[“sg_read_only”],“hash”:“xxxxx”}}
And no tenants other than global and private are visible (see attachment)
What I’m doing wrong?
Thank you
Regards
Ana
El martes, 21 de agosto de 2018, 14:38:48 (UTC+2), anabella....@gmail.com escribió:
In order to create the tenant:
I go to roles, and add a tenant to that role. Once I’m loging with a user in this role I’m not able to see the new tenant (only Global and Private tenants)
Regards and thank you
Ana
El martes, 21 de agosto de 2018, 12:38:33 (UTC+2), anabella....@gmail.com escribió:
Thank you for the response.
We are doing a POC in order to test the multitenancy feature. The goal is to present readonly dashboards to diferent clients.
For each client we want to
- Define a custom index
- Define a tenant
- Have a RW user that indexes the data in the custom index and create the visualizations and dashboard in the tenant
- Have a read only user over that tenant in order to provide read only access to that dashboards
I have enabled the multitenancy feature but i’m not able to define the tenants.
It is not clear for me in the doc
Any help will be appreciated
Regards
Ana
El lunes, 20 de agosto de 2018, 10:19:15 (UTC+2), anabella....@gmail.com escribió:
Hi, I’m running ELK 6.32 Stack with SearchGuard 6.
I have a doubt regarding to read only modes in Kibana
- Is it posiible to define read only dashboards in kibana?
- Is it dependent of the multy tennancy feature?
Thank you
Regards
Ana
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
- Installed and used enterprise modules, if any
- JVM version and operating system version
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
Yes, that’s what I wanted to post as well 
You can always use the /_searchguard/authinfo endpoint for checking the mapped roles of the currently logged in user. Quite useful when debugging. Let me know if you have more questions regarding your PoC.
···
On Tuesday, August 21, 2018 at 8:15:11 AM UTC-5, anabella.cristaldi@gmail.com wrote:
Hi, I realize that the role mapping was missing.
Thank you
Regards
Ana
El martes, 21 de agosto de 2018, 15:11:28 (UTC+2), anabella....@gmail.com escribió:
Hi,
This is what I mean:
- Define the role with the asociated Tenants
GET /_searchguard/api/roles/sg_read_only
{“sg_read_only”:{“cluster”:[“READ”,“SEARCH”],“tenants”:{“T1”:“RW”,“T2”:“RO”},“indices”:{“logstash-*”:{“doc”:[“READ”,“SEARCH”]}}}}
- Define a user with that role
GET /_searchguard/api/internalusers/kibanaro
{“kibanaro”:{“password”:“”,“roles”:[“sg_read_only”],“hash”:“xxxxx”}}
And no tenants other than global and private are visible (see attachment)
What I’m doing wrong?
Thank you
Regards
Ana
El martes, 21 de agosto de 2018, 14:38:48 (UTC+2), anabella....@gmail.com escribió:
In order to create the tenant:
I go to roles, and add a tenant to that role. Once I’m loging with a user in this role I’m not able to see the new tenant (only Global and Private tenants)
Regards and thank you
Ana
El martes, 21 de agosto de 2018, 12:38:33 (UTC+2), anabella....@gmail.com escribió:
Thank you for the response.
We are doing a POC in order to test the multitenancy feature. The goal is to present readonly dashboards to diferent clients.
For each client we want to
- Define a custom index
- Define a tenant
- Have a RW user that indexes the data in the custom index and create the visualizations and dashboard in the tenant
- Have a read only user over that tenant in order to provide read only access to that dashboards
I have enabled the multitenancy feature but i’m not able to define the tenants.
It is not clear for me in the doc
Any help will be appreciated
Regards
Ana
El lunes, 20 de agosto de 2018, 10:19:15 (UTC+2), anabella....@gmail.com escribió:
Hi, I’m running ELK 6.32 Stack with SearchGuard 6.
I have a doubt regarding to read only modes in Kibana
- Is it posiible to define read only dashboards in kibana?
- Is it dependent of the multy tennancy feature?
Thank you
Regards
Ana
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
- Installed and used enterprise modules, if any
- JVM version and operating system version
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
Thank you Jochen,
I was able to complete the initial scenario of the POC.
Regards
Ana
···
El martes, 21 de agosto de 2018, 15:17:30 (UTC+2), Jochen Kressin escribió:
Hi, I realize that the role mapping was missing.
Thank you
Regards
Ana
El martes, 21 de agosto de 2018, 15:11:28 (UTC+2), anabella....@gmail.com escribió:
Hi,
This is what I mean:
- Define the role with the asociated Tenants
GET /_searchguard/api/roles/sg_read_only
{“sg_read_only”:{“cluster”:[“READ”,“SEARCH”],“tenants”:{“T1”:“RW”,“T2”:“RO”},“indices”:{“logstash-*”:{“doc”:[“READ”,“SEARCH”]}}}}
- Define a user with that role
GET /_searchguard/api/internalusers/kibanaro
{“kibanaro”:{“password”:“”,“roles”:[“sg_read_only”],“hash”:“xxxxx”}}
And no tenants other than global and private are visible (see attachment)
What I’m doing wrong?
Thank you
Regards
Ana
El martes, 21 de agosto de 2018, 14:38:48 (UTC+2), anabella....@gmail.com escribió:
In order to create the tenant:
I go to roles, and add a tenant to that role. Once I’m loging with a user in this role I’m not able to see the new tenant (only Global and Private tenants)
Regards and thank you
Ana
El martes, 21 de agosto de 2018, 12:38:33 (UTC+2), anabella....@gmail.com escribió:
Thank you for the response.
We are doing a POC in order to test the multitenancy feature. The goal is to present readonly dashboards to diferent clients.
For each client we want to
- Define a custom index
- Define a tenant
- Have a RW user that indexes the data in the custom index and create the visualizations and dashboard in the tenant
- Have a read only user over that tenant in order to provide read only access to that dashboards
I have enabled the multitenancy feature but i’m not able to define the tenants.
It is not clear for me in the doc
Any help will be appreciated
Regards
Ana
El lunes, 20 de agosto de 2018, 10:19:15 (UTC+2), anabella....@gmail.com escribió:
Hi, I’m running ELK 6.32 Stack with SearchGuard 6.
I have a doubt regarding to read only modes in Kibana
- Is it posiible to define read only dashboards in kibana?
- Is it dependent of the multy tennancy feature?
Thank you
Regards
Ana
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
- Installed and used enterprise modules, if any
- JVM version and operating system version
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
Yes, that’s what I wanted to post as well You can always use the /_searchguard/authinfo endpoint for checking the mapped roles of the currently logged in user. Quite useful when debugging. Let me know if you have more questions regarding your PoC.
On Tuesday, August 21, 2018 at 8:15:11 AM UTC-5, anabella....@gmail.com wrote:
Hi,
I am newer for SG. I want to confirm:
-
whether multy tennancy is only for commercialize.
-
whether below config also can define read only dashboards
searchguard.readonly_mode.roles: ["sg_read_only_1", "sg_read_only_2", ...]
在 2018年8月21日星期二 UTC+8上午9:25:35,Jochen Kressin写道:
···
Hi,
it is possible to define read-only dashboards, but this is implemented via the multi-tenancy feature as you indicsted. With multi-tenancy, you can define multiple tenants per role, and then assign read/write or read-only permissions to these tenants.
Without multi-tenancy (Kibana default behavior), all saved objects end up in the same index without the possibility to separate them on a per-role basis or to assign permissions.
On Monday, August 20, 2018 at 3:19:15 AM UTC-5, anabella....@gmail.com wrote:
Hi, I’m running ELK 6.32 Stack with SearchGuard 6.
I have a doubt regarding to read only modes in Kibana
- Is it posiible to define read only dashboards in kibana?
- Is it dependent of the multy tennancy feature?
Thank you
Regards
Ana
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
- Installed and used enterprise modules, if any
- JVM version and operating system version
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
