@askids thank you for bringing this up. I think you are right, it makes a ton of sense.
And by the way thanks for all your contributions to this community during the years. 
Here, I put together a prototype of ReadonlyREST Free for Kibana:
readonlyrest_kbn_free
Get it while it’s hot
This is a free, yet stripped down version of ROR PRO. It represents a basic, but pretty complete end to end solution for a secure Kibana user experience.
Early 2020 ROR Kibana product lineup
All below capabilities rely on the installation of both Elasticsearch Free (or Embedded) and the respective Kibana ROR plugin editions.
We will add more features to Enterprise later during the year.
Features included in ROR Free
- Login form
- Session management with encrypted cookies
- Logout button
- Clusterwide settings (only in demo mode)
- Audit log demo dashboard (still WIP)
- Login with JWT (as a header or query parameter)
- Proxy passthrough mode (i.e. nginx + x-forwarded-user)
- Read only mode: hides “save”, “delete” and other UI elements. Obviously also blocks API access accordingly.
- LDAP backed authentication/authorization (HA mode, SSL “ldaps” mode included)
Features that are in PRO
- All features in Free
- Full CSS/JS customisation of the login form
- Full CSS/JS customisation of the Kibana UI (
previously only Enterprise!) - Hiding some Kibana apps to certain users or groups
- Clusterwide security settings YAML editor for administrators from within Kibana
Features only in ROR Enterprise:
- All features in PRO
- Kibana tenancy segregation: associate a different “.kibana” index to users or groups
- Users or groups can hop between tenancies with a drop down menu
- SAML SSO/SLO authentication and authorization (multiple servers supported)
- Priority support (SLA guaranteed response time + private communication via email or forum PMs)
- Soon more to come