-
ES 6.4.0 SG 23.1
-
JRE 1.8.0 on CentOS 7.4
Enabling Kibana read-only mode for some roles is very desirable for some groups of our users - but we’d also like them to be able to use the Discover tab to investigate the data (they don’t need to save searches, so they’d still be read-only users). There are some cases where we’d like to enable other menu items too (Monitor?)
I thought I remembered seeing a way to do this already - did I imagine that, or was it perhaps an X-Pack thing?
If not, can I request it as a feature? Not sure how it would be configured - you might want different item availability for different roles, so this might not be sufficient in general (but might be for a first version):
searchguard.readonly_mode.roles: [“sg_read_only_1”, “sg_read_only_2”, …]
searchguard.readonly_mode.menus: [“discover”, “visualize”, “dashboards”, “monitor”] # logout, collapse always present
Hi,
I am not aware that X-Pack has this feature (yet). However, we are actively working on improving Kibana access control, so the feature is coming. We don’t have a ETA yet.
···
On Friday, October 12, 2018 at 11:39:26 AM UTC+2, jbeckett@ft-services.com wrote:
Enabling Kibana read-only mode for some roles is very desirable for some groups of our users - but we’d also like them to be able to use the Discover tab to investigate the data (they don’t need to save searches, so they’d still be read-only users). There are some cases where we’d like to enable other menu items too (Monitor?)
I thought I remembered seeing a way to do this already - did I imagine that, or was it perhaps an X-Pack thing?
If not, can I request it as a feature? Not sure how it would be configured - you might want different item availability for different roles, so this might not be sufficient in general (but might be for a first version):
searchguard.readonly_mode.roles: [“sg_read_only_1”, “sg_read_only_2”, …]
searchguard.readonly_mode.menus: [“discover”, “visualize”, “dashboards”, “monitor”] # logout, collapse always present