Hi,
I had a look through the documentation and a quick scan of the forum but couldn’t find anything.
RoR Enterprise.
Lets say we have a Elasticsearch “functional user”, so an account that should only do some calls directly against Elasticsearch itself.
Is there a way to prevent this user from logging in to Kibana?
Something like:
Kibana_access: No
Very interesting use case, there’s certainly room for widening the scope of kibana_access rule to “no”. Makes sense.
In the meantime, you can workaround this by adding this block to your ACL somewhere before the block that would accept the user:
- name: "User bobby should not use kibana"
type: forbid
auth_key: bobby:tables
actions: ["/_readonlyrest/metadata/*"]
If you use an external authentication system like LDAP, SAML, etc, you could very well just use the users rule to intercept the disallowed user(s) by name:
- name: "User bobby should not use kibana"
type: forbid
users: ["bobby", "sandra"]
ldap_auth:
....
actions: ["/_readonlyrest/metadata/*"]
Clear, workaround would work for me for now.
It would be more neat (from a config perspective) to be able to say kibana_access no.
But it doesn’t have any urgency for me.
Thanks!