I'm trying to add a role based access control over Kibana to have different privileges and dashboards for different types of users and I found those projects:
What I found is that:
Elastic Shield (now called X-Pack) is the best, but unfortunately it's only 30 days free trial.
search guard module is a little complicated and it does the job, but it's not for free for commercial use which isn't suitable for my case.
ReadonlyREST plugin allows you to define which user reads which data, and their Enterprise Kibana plugin (non-free) also allows you to assign kibana indices to groups or users.
Kibana Plugin Own Home is a workaround solution as it defines different kibana index for different user which isn't practical.
If you know any other projects or any workaround for the mentioned projects above that satisfies my requirements, I'd be so grateful.
Kibana is an free and open frontend application that sits on top of the Elastic Stack, providing search and data visualization capabilities for data indexed in Elasticsearch.
Elasticsearch is a powerful search and analytics engine that can be used to improve security in a number of ways. One way is through multi-tenancy, which allows for the isolation of data and processes within a single instance of Elasticsearch.
Kibana is the 'K' in the ELK Stack, the world's most popular open source log analysis platform, and provides users with a tool for exploring, visualizing, and building dashboards on top of the log data stored in Elasticsearch clusters.
Disclaimer: I work for floragunn, makers of Search Guard.
The only real way to separate dashboards and visualizations based on users/tenants is to place them in separate Kibana indices. This is what both Search Guard and Own Home does.
The reason for this is how Kibana works internally: Out of the box, Kibana will place all of these objects in one global Kibana index, shared by all users. Since Kibana itself has no notion of users, roles or tenants, the only way to do it is to intercept the calls to the Kibana index, and rewrite the index name based on the provided user/role information.
One other option you have is to use the Red Hat OpenShift platform. They have an Elasticsearch plugin that is integrated with the Community Edition of Search Guard, and their own Kibana multi-tenancy module. As far as I know, this plugin is completely free.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With