Restrict permission for kibana user

When asking questions, please provide the following information:

• Search Guard and Elasticsearch version

• Installed and used enterprise modules, if any

• JVM version and operating system version

• Search Guard configuration files

• Elasticsearch log messages on debug level

• Other installed Elasticsearch or Kibana plugins, if any

When asking questions, please provide the following information:

• Search Guard and Elasticsearch version : 5.4.2

• JVM version and operating system version : Java 8 and windows 10

• Search Guard configuration files :

• Other installed Elasticsearch or Kibana plugins : searchguard only

Documentation states that a Kibana user at least should have access to .kibana index so

how can we restrict that user access like with the role :

sg_samreen_custom:

cluster:

-UNLIMITED

indices:

‘samreen’:

‘*’:

• READ

‘?kibana’:

‘*’:

• READ

sg_samreen_custom:

users:

• ProductionSupport

we want to restrict the user “ProductionSupport” access not being able to create index pattern and customize existing visualizations.

sg_config.yml (9.01 KB)

Index patterns, visualizations, and dashboards are stored in the .kibana index, so if you don’t want a user to change them, it shoud be sufficient to limit the permissions to the .kibana index to READ, like you did.

In other words, the role looks good to me at first glance. Have you tried it? Is something not working as expected?