Is there any way to ensure that a user will have only read access to indices? A subset of actions or methods?
(But doesn’t kibana use POST for some queries?)
Is this a Kibana session you want to make readonly? Or some other agent?
Not kibana (I mean not the .kibana index), but an arbitrary data indices, eg
my_index_data_1
my_index_data_2
…
Maybe the above was not clear, I want a rule like this but where kibana_sample_data_ecommerce is read-only for this user/session.
- name: plant-user--data
headers:
- x-vi-plant:*
proxy_auth: '*'
kibana_hide_apps: "{{ kibana_ror_plant_hide_apps }}"
indices:
- kibana_sample_data_ecommerce
filter: |
{
"query": {
"match": {"customer_gender": "@{x-vi-plant}"}
}
}
So my quesiton was more like do you want to prevent a Kibana user from modifying data indices? or is this another thing like logstash?
Correct me if I’m wrong, but looks like you mean to prevent a Kibana user from modifying data indices via dev tools, or direct access. Well in this case, just use kibana_access: rw.
This will grant RW permissions to the kibana index (to create and delete dashboards and viz), but reject any RW request geared to other indices.
Don’t forget to allow also the “.kibana” index in the indices rule (unless you have a specific block for it above this).
- Users to be able to modify their tenant-specific kibana index (assigned with
kibana_index) - Able to read/access their (assigned by
indices) strictly as read-only
I guessing this a function of limiting the actions, similar to searchgard’s
Kibana Read Only mode | Security for Elasticsearch | Search Guard or their CLUSTER_COMPOSITE_OPS_RO action group.
I think it’s kinda similar, except that in ROR you have to specify the hidden apps yourself.
Sorry, maybe that link was misleading.
I asking about how to make all access to an index read-only, regardless of the app.
The answer is: if you set the kibana_access rule (with any value) you will get the desired effect, because all indices except “.kibana” will become read-only.
Brilliant! Thanks much.
1 Like