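---
# ReadonlyREST access-control configuration: static-credential blocks first,
# then per-project LDAP group blocks (RW/RO pairs), then the LDAP connectors.
# The line structure was rebuilt from a collapsed copy of the file; values are
# unchanged. Blocks are evaluated top to bottom and a request is decided by the
# first block whose rules all match.
#
# NOTE(review): this file holds cleartext secrets (every `auth_key` and both
# `bind_password` values). Treat them as exposed wherever the file has been
# copied: rotate them, keep the file out of version control, and prefer hashed
# keys (`auth_key_sha256` / `auth_key_sha512`) or environment-variable
# substitution over literal passwords.
readonlyrest:
  access_control_rules:
    # NOTE(review): the next three blocks carry no `indices` or `actions` rule,
    # so each of these static accounts can run any action on any index. The
    # "logstash writer" account in particular is not limited to writing.
    - name: "Require HTTP Basic Auth"
      type: allow
      auth_key: "esAdmin:Cen"

    - name: "allow all"
      type: allow
      auth_key: "elk:ela"

    - name: "logstash writer"
      type: allow
      auth_key: "lsWriter:lsW"

    # Static accounts scoped by index pattern only (no `actions` rule, so they
    # are read-write on the listed indices).
    - name: "allow bodyera"
      type: allow
      indices: ["bodyera*", ".kibana"]
      auth_key: "bwcAdmin:q1w"

    # NOTE(review): in the next two blocks the password equals the user name.
    - name: "allow lpr"
      type: allow
      indices: ["lpr*", "license-plate-reading*", "ein-lpr*", ".kibana"]
      auth_key: "lpr:lpr"

    - name: "allow is"
      type: allow
      indices: ["is*", ".kibana"]
      auth_key: "is:is"

    - name: "allow taglit"
      type: allow
      indices: ["taglit*", ".kibana"]
      auth_key: "A164616583:eKg"

    # - name: "Admin Kibana"
    #   auth_key: .........
    #   kibana_access: unrestricted

    # LDAP-backed blocks: the user authenticates against the named connector
    # and must be a member of the listed group.
    - name: "gilda RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Gilda-RW"]
      indices: ["gilda*", ".kibana"]

    # NOTE(review): named "projectname RO" but bound to the Gilda RO group and
    # the gilda* indices; presumably a leftover template name.
    - name: "projectname RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Gilda-RO"]
      actions: ["indices:data/read/*", "cluster:monitor/*", "indices:admin/get"]
      indices: ["gilda*", ".kibana"]

    - name: "is RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-is-RW"]
      indices: ["is*", ".kibana", ".apm*", "apm*"]

    - name: "is RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-is-RO"]
      actions: ["indices:data/read/*", "cluster:monitor/*", "indices:admin/get"]
      indices: ["is*", ".kibana", ".apm*", "apm*"]
      # kibana_access: ro

    # NOTE(review): Elasticsearch index names are lowercase, so the patterns
    # "SIR*", "Pe*" and "Tib*" used below presumably match no index (the Peten
    # blocks were already switched to lowercase); confirm and correct.
    - name: "SIR RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-SIR-RW"]
      indices: ["SIR*", ".kibana"]

    - name: "SIR RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-SIR-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get","indices:manage/*:","indices:view_index_metadata/*"]
      indices: ["SIR*", "mokdim*", ".kibana"]
      kibana_access: ro

    - name: "bodyera RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-bodyera-RW"]
      indices: ["bodyera*", ".kibana"]

    - name: "bodyera RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-bodyera-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get"]
      indices: ["bodyera*", ".kibana"]
      kibana_access: ro

    - name: "ein RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-ein-RW"]
      indices: ["lpr*", "license-plate-reading*", "ein-lpr*", ".kibana"]

    - name: "ein RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-ein-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get"]
      indices: ["lpr*", "license-plate-reading*", "ein-lpr*", ".kibana"]
      kibana_access: ro

    - name: "Pe RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Pe-RW"]
      indices: ["Pe*", ".kibana"]

    - name: "Pe RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Pe-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get","indices:admin/mappings/*","indices:admin/template/*"]
      indices: ["Pe*", ".kibana"]
      kibana_access: ro

    - name: "Tib RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Tib-RW"]
      indices: ["Tib*", ".kibana"]

    - name: "Tib RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Tib-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get"]
      indices: ["Tib*", ".kibana"]
      kibana_access: ro

    - name: "SharePoint RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Sharepoint-RW"]
      indices: ["sharepoint*", ".kibana"]

    - name: "SharePoint RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Sharepoint-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get"]
      indices: ["sharepoint*", ".kibana"]
      kibana_access: ro

    - name: "Mokdim RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Mokdim-RW"]
      indices: ["mokdim*", ".kibana"]

    - name: "Mokdim RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Mokdim-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get","indices:manage/*:","indices:view_index_metadata/*"]
      indices: ["mokdim*", ".kibana"]
      kibana_access: ro

    - name: "Mapal RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Mapal-RW"]
      indices: ["mapal*", ".kibana*"]

    - name: "Mapal RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Mapal-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get"]
      indices: ["mapal*", ".kibana"]
      kibana_access: ro

    - name: "Taglit RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Taglit-RW"]
      indices: ["taglit*", ".kibana*"]

    - name: "Taglit RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Taglit-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get"]
      indices: ["taglit*", ".kibana"]
      kibana_access: ro

    - name: "Kingroad RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-KingRoad-RW"]
      indices: ["kingroad*", ".kibana*"]

    - name: "Kingroad RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-KingRoad-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get"]
      indices: ["kingroad*", ".kibana"]
      kibana_access: ro

    - name: "Peten RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Peten-RW"]
      # indices: ["Peten*",".kibana*"]
      indices: ["peten*", ".kibana", ".apm*", "apm*"]

    # NOTE(review): both `actions` and `kibana_access` are commented out here,
    # so this "RO" block grants the same access as "Peten RW". Restore one of
    # them (the "is RO" block keeps the read-only `actions` list for the same
    # index set) or rename the block so the grant is not mistaken for read-only.
    - name: "Peten RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Peten-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get"]
      # indices: ["Peten*",".kibana"]
      indices: ["peten*", ".kibana", ".apm*", "apm*"]
      # kibana_access: ro

    - name: "Mena RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Mena-RW"]
      indices: ["mena*", ".kibana*"]

    - name: "Mena RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Mena-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get"]
      indices: ["mena*", ".kibana"]
      kibana_access: ro

    - name: "AI RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-AI-RW"]
      indices: ["ai*", ".kibana"]

    - name: "AI RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-AI-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get"]
      indices: ["ai*", ".kibana"]
      kibana_access: ro

    - name: "Model RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Model-RW"]
      indices: ["model*", ".kibana"]

    - name: "Model RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Model-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get","indices:manage/*:","indices:view_index_metadata/*"]
      indices: ["model*", ".kibana"]
      kibana_access: ro

    - name: "Adir RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Adir-RW"]
      indices: ["adir*", ".kibana"]

    - name: "Adir RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Adir-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get","indices:manage/*:","indices:view_index_metadata/*"]
      indices: ["adir*", ".kibana"]
      kibana_access: ro

    - name: "DataPower RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-DataPower-RW"]
      indices: ["datapower*", ".kibana"]

    - name: "DataPower RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-DataPower-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get"]
      indices: ["datapower*", ".kibana"]
      kibana_access: ro

    - name: "Pros RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Pros-RW"]
      indices: ["pros*", ".kibana"]

    - name: "Pros RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Pros-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get"]
      indices: ["pros*", ".kibana"]
      kibana_access: ro

    - name: "Help Desk RW"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-HelpDescAtuv-RW"]
      indices: ["helpdesk*", ".kibana"]

    - name: "Help Desk RO"
      type: allow
      ldap_authentication: "ldap1"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-HelpDescAtuv-RO"]
      # actions: ["indices:data/read/*","cluster:monitor/*","indices:admin/get"]
      indices: ["helpdesk*", ".kibana"]
      kibana_access: ro

    # NOTE(review): authentication uses connector "ldap2" while authorization
    # uses "ldap1". The two connectors below have identical settings, so the
    # split looks unintended; confirm and keep a single connector if so.
    - name: "Domain Admin Access - Read Write"
      type: allow
      ldap_authentication: "ldap2"
      ldap_authorization:
        name: "ldap1"  # ldap name from 'ldaps' section
        groups: ["Elastic-Admins"]
      indices: ["*"]

  # NOTE(review): both connectors bind on port 389 with `ssl_enabled: false`,
  # so the service-account password and every user password checked through
  # LDAP cross the network unencrypted. `ssl_trust_all_certs: true` would also
  # skip certificate validation if TLS were switched on. Recommended target:
  # `ssl_enabled: true` on the directory's LDAPS port with
  # `ssl_trust_all_certs: false`, once the directory's CA is trusted by the
  # Elasticsearch nodes.
  ldaps:
    - name: ldap1
      host: "manat.lic.dom"
      port: 389  # default 389
      ssl_enabled: false  # default true
      ssl_trust_all_certs: true  # default false
      bind_dn: "CN=u765000423,OU=Service Accounts,DC=manat,DC=lic,DC=dom"  # skip for anonymous bind
      bind_password: "Kkmj76!K"  # skip for anonymous bind
      search_user_base_DN: "DC=manat,DC=lic,DC=dom"
      user_id_attribute: "sAMAccountName"  # default "uid"
      search_groups_base_DN: "DC=manat,DC=lic,DC=dom"
      unique_member_attribute: "member"  # default "uniqueMember"
      connection_pool_size: 10  # default 30
      connection_timeout_in_sec: 10  # default 1
      request_timeout_in_sec: 10  # default 1
      cache_ttl_in_sec: 60  # default 0 - cache disabled

    - name: ldap2
      host: "manat.lic.dom"
      port: 389  # default 389
      ssl_enabled: false  # default true
      ssl_trust_all_certs: true  # default false
      bind_dn: "CN=u765000423,OU=Service Accounts,DC=manat,DC=lic,DC=dom"  # skip for anonymous bind
      bind_password: "Kkmj76!K"  # skip for anonymous bind
      search_user_base_DN: "DC=manat,DC=lic,DC=dom"
      user_id_attribute: "sAMAccountName"  # default "uid"
      search_groups_base_DN: "DC=manat,DC=lic,DC=dom"
      unique_member_attribute: "member"  # default "uniqueMember"
      connection_pool_size: 10  # default 30
      connection_timeout_in_sec: 10  # default 1
      request_timeout_in_sec: 10  # default 1
      cache_ttl_in_sec: 60  # default 0 - cache disabled
      # NOTE(review): this key followed the ldap2 settings in the collapsed
      # source and its original nesting cannot be recovered. Everywhere else in
      # this file `kibana_access` is set inside an access-control block, so
      # confirm which block it was meant for and move it there, or remove it.
      kibana_access: unrestricted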