Prevent user from accessing Kibana?


I had a look through the documentation and a quick scan of the forum but couldn’t find anything.
RoR Enterprise.

Lets say we have a Elasticsearch “functional user”, so an account that should only do some calls directly against Elasticsearch itself.
Is there a way to prevent this user from logging in to Kibana?
Something like:
Kibana_access: No

Very interesting use case, there’s certainly room for widening the scope of kibana_access rule to “no”. Makes sense.

In the meantime, you can workaround this by adding this block to your ACL somewhere before the block that would accept the user:

- name: "User bobby should not use kibana"
  type: forbid
  auth_key: bobby:tables
  actions: ["/_readonlyrest/metadata/*"]  

If you use an external authentication system like LDAP, SAML, etc, you could very well just use the users rule to intercept the disallowed user(s) by name:

- name: "User bobby should not use kibana"
  type: forbid
  users: ["bobby", "sandra"]
  actions: ["/_readonlyrest/metadata/*"]  

Clear, workaround would work for me for now.
It would be more neat (from a config perspective) to be able to say kibana_access no.
But it doesn’t have any urgency for me.