retzkek
(Kevin Retzke)
February 3, 2017, 5:14pm
1
Is it possible to allow readonly users to create short URLs in kibana without allowing full access to change the kibana index?
Here’s an example request log:
```
no block has matched, forbidding by default: { ID:f512f1a7a84e47f09d325cf87cfa474b, TYP:IndexRequest, USR:k, BRS:false, ACT:indices:data/write/index, OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/.kibana/url/4694c9657fb6068f510b7465fbdb67fe, CNT:<OMITTED, LENGTH=273>, HDR:authorization,Connection,content-type,Host,Content-Length, EFF:0, HIS:[Kibana read-only->[kibana_access->false, indices->true]] }
```
(originally posted at Allow kibana ro access to create short URLs · Issue #166 · sscarduzio/elasticsearch-readonlyrest-plugin · GitHub )
1 Like
I use this for allowing users to create visualizations and dashboards:
```yaml
## {{ user }}
### Create NEW saved objects (but not overwrite) for {{ user }}
- name: "Accept {{ user }} create objects"
  type: allow
  methods: [POST]
  auth_key: {{ user }}:{{ pass }}
  uri_re: ^/.kibana/.*\?op_type=create$
  kibana_access: rw
### READ-ONLY access for {{ user }}
- name: "Accept {{ user }} user"
  type: allow
  methods: [GET,POST,HEAD]
  auth_key: {{ user }}:{{ pass }}
  kibana_access: ro
```
Looking at your log, I would say this should work:
```yaml
## {{ user }}
### Create short urls for {{ user }}
- name: "Accept {{ user }} create short urls"
  type: allow
  methods: [POST]
  auth_key: {{ user }}:{{ pass }}
  uri_re: ^/.kibana/url/.*
  kibana_access: rw
### READ-ONLY access for {{ user }}
- name: "Accept {{ user }} user"
  type: allow
  methods: [GET,POST,HEAD]
  auth_key: {{ user }}:{{ pass }}
  kibana_access: ro
```
1 Like
retzkek
(Kevin Retzke)
February 13, 2017, 11:05pm
3
Thanks for the suggestion! I had tried a uri_re rule, but it was letting other stuff through. Trying again based on your recommendation seems to work as desired, so I must have messed something up earlier. Thanks again!
1 Like
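A simplified first-match model of the two blocks suggested in the thread, useful for checking what a `uri_re` block lets through before deploying it. This is an added example, not code from the thread or from the plugin. It assumes blocks are tried in file order, that `auth_key` has already matched, and that `kibana_access: ro` rejects document writes to `.kibana` (as the request log shows); `is_kibana_write`, `evaluate`, `decisions` and the sample requests are constructed for illustration.

```python
import re

# The two blocks from the thread, in file order. Only methods, uri_re and
# kibana_access are modelled; auth_key is assumed to have matched already.
BLOCKS = [
    {"name": "create short urls", "methods": {"POST"},
     "uri_re": r"^/.kibana/url/.*", "kibana_access": "rw"},
    {"name": "read-only", "methods": {"GET", "POST", "HEAD"},
     "uri_re": None, "kibana_access": "ro"},
]

def is_kibana_write(method, path):
    """Assumption: a non-GET/HEAD request to /.kibana/<type>/<id>, with no
    API endpoint segment such as _search or _mget, is a document write."""
    parts = path.split("?")[0].strip("/").split("/")
    return (method not in ("GET", "HEAD") and parts[0] == ".kibana"
            and not any(p.startswith("_") for p in parts))

def evaluate(method, path, blocks=BLOCKS):
    """Name of the first block whose rules all match, or None for the
    'no block has matched, forbidding by default' case seen in the log."""
    for block in blocks:
        if method not in block["methods"]:
            continue
        # For these anchored patterns, search and full match give the same result.
        if block["uri_re"] and not re.search(block["uri_re"], path):
            continue
        if block["kibana_access"] == "ro" and is_kibana_write(method, path):
            continue  # mirrors kibana_access->false in the request log
        return block["name"]
    return None

# Constructed sample requests (the first path is the one from the log).
SAMPLES = [
    ("POST", "/.kibana/url/4694c9657fb6068f510b7465fbdb67fe"),
    ("POST", "/.kibana/dashboard/my-dash"),
    ("POST", "/.kibana/_search"),
    ("GET", "/.kibana/url/4694c9657fb6068f510b7465fbdb67fe"),
    ("PUT", "/.kibana/url/4694c9657fb6068f510b7465fbdb67fe"),
]

def decisions(samples=SAMPLES):
    return {(m, p): evaluate(m, p) for m, p in samples}

if __name__ == "__main__":
    for (method, path), block in decisions().items():
        print(f"{method:4} {path:50} -> {block or 'FORBIDDEN'}")
```

Swapping the order of `BLOCKS` does not change the result in this model only because the read-only block rejects writes to `.kibana`; a broader second block would shadow the short-URL block, which is one way a `uri_re` rule can appear to let other requests through.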