Users accessing kibana without any roles

We have searchguard configured to perform authentication and authorization with our ldap, but only have roles assigned to a select few users. When users without roles are able to authenticate in kibana, they are shown the normal UI, except that the main content is blank for every link in the toolbar. Is there a user whitelist feature yet? If not, is there some way to display a message to the user explaining that they have insufficient permissions? We are currently using v6.4.3 of ELK but have plans to upgrade to v7.7.0.

Yes, you can configure either whitelist or blacklist, but only starting from Search Guard v7.0.0, for example

Blacklist
sg_blocks.yml

demo_user_blocked:
  type: "name"
  value: ["John Doe"] # you can also use regular expressions and wildcards, e.g. '* Doe'
  verdict: "disallow"

Whitelist
sg_blocks.yml

demo_user_blocked:
  type: "name"
  value: ["John Doe"] # you can also use regular expressions and wildcards, e.g. '* Doe'
  verdict: "allow"

No, there is no way to have such warning by default before a user executes any action. But there is error if the user tries to execute an action when he doesn’t have enough permissions, for example


or

etc.

Also, the user can always see the roles assigned to him in the Account app, for example

kibana.yml

searchguard.accountinfo.enabled: true