Restricting access to some spaces

Hello,

I am currently using ELK version 7.17.14 along with Free ROR 1.54, I am thinking about upgrading to 1.59.0 but have some doubts.

1. I noticed in the changelog that in version 1.57.0 the “User settings available to users with all access types” was added, however in this area apart from “User settings” for the user with RW permissions for Kibana the “Activation Key” and “API” applications are visible and available with some data that should be protected from typical user. Is this correct and cannot access to these be limited only for admin or unrestricted users, if so how can I do it? I limit access to commands via ELK API e.g. Dev Tools(_cat,_cluster,_mapping) using “uri_re” rule with type forbid in readonlyrest config.
2. Every RW user has access to Stack Management → “Upgrade assistant” cannot this be limited as well for every RW user?
   Regards,
   Michał

Hi @mikeIT

1. yeah, this information may be misleading for RW Kibana users. It would probably be better if they were visible only to Admin users. We will change it.

2. Currently, the RW user can do anything with Kibana indices (including upgrades). In the future, we will probably split the access level into two separate levels. At the moment you can use actions and kibana.hide_apps (no available with the Free license) to restrict access to this part of Kibana.