Allow kibana readonly access to create short URLs


(Kevin Retzke) #1

Is it possible to allow readonly users to create short URLs in kibana without allowing full access to change the kibana index?

Here’s an example request log:

no block has matched, forbidding by default: { ID:f512f1a7a84e47f09d325cf87cfa474b, TYP:IndexRequest, USR:k, BRS:false, ACT:indices:data/write/index, OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/.kibana/u
rl/4694c9657fb6068f510b7465fbdb67fe, CNT:<OMITTED, LENGTH=273>, HDR:authorization,Connection,content-type,Host,Content-Length, EFF:0, HIS:[Kibana read-only->[kibana_access->false, indices->true]] }

(originally posted at https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin/issues/166)

  • 1
  • 2
  • 3
  • 4
  • 5

0 voters


(Daniel Mota Leite) #2

I use this for allowing users to create visualizations and dashboards:

## {{ user }}
###  Create NEW saved objects (but not overwrite) for {{ user }}
    - name: "Accept {{ user }} create objects"
      type: allow
      methods: [POST]
      auth_key: {{ user }}:{{ pass }}
      uri_re: ^/.kibana/.*\?op_type=create$
      kibana_access: rw

### READ-ONLY access for {{ user }}
    - name: "Accept {{ user }} user"
      type: allow
      methods: [GET,POST,HEAD]
      auth_key: {{ user }}:{{ pass }}
      kibana_access: ro

looking to your log i would say this should work:

## {{ user }}
###  Create short urls for {{ user }}
    - name: "Accept {{ user }} create short urls"
      type: allow
      methods: [POST]
      auth_key: {{ user }}:{{ pass }}
      uri_re: ^/.kibana/url/.*
      kibana_access: rw

### READ-ONLY access for {{ user }}
    - name: "Accept {{ user }} user"
      type: allow
      methods: [GET,POST,HEAD]
      auth_key: {{ user }}:{{ pass }}
      kibana_access: ro

(Kevin Retzke) #3

Thanks for the suggestion! I had tried a uri_re rule, but it was letting other stuff through. Trying again based on your recommendation seems to work as desired, so I must have messed something up earlier. Thanks again!


(Simone Scarduzio) #4