Kibana dashboard level restriction


(Varun R) #1

Hey Hi,

i can able to restrict the index based on user/group level with help of yml setting. But I cannot able restrict the dashboard based on users view the particular dashboard. can you please help me. How can i restrict dashboard level in configuration. Please give me some suggestion with example yml configuation.

Thanks!!!


(Simone Scarduzio) #2

Can you rephrase? Not sure I understand the question.


(Varun R) #3

Please view my updated question. kindly let me know exact/example configuration for dashboard level restrication.
For Example:
- name: “::RO::”
kibana_access: ro
auth_key: test_admin:test_admin

Where i can mention dashboard level restriction and what is the rule. help me!


(Simone Scarduzio) #4

@varunarathinam unfortunately a dashboard is a kibana object that the Kibana server opaquely saves inside the kibana index. Elasticsearch only provides the storage layer for the Kibana index and does not understand what a Kibana object is. This is why there is no ACL rule for dashboards.

And even if there was, you would need a similar one for all kibana objects: index-patterns, visualizations, short URLs, saved searches, etc.

The only sane way to do this is to associate a different kibana index (we call it tenancy) to user or group. This logic needs a good deal of Kibana client and server side code, and is definitely not trivial to achieve. Our solution to this problem is called ReadonlyREST Enterprise.