Grant users access to Auditbeat indices
editGrant users access to Auditbeat indices
editTo enable users to access the indices Auditbeat creates, grant them read
and view_index_metadata privileges on the Auditbeat indices. If they’re
using Kibana, they also need the kibana_user role.
-
Create a reader role that has the
readandview_index_metadataprivileges on the Auditbeat indices.You can create roles from the Management > Roles UI in Kibana or through the
roleAPI. For example, the following request creates a role namedauditbeat_reader: -
Assign your users the reader role so they can access the Auditbeat indices. For Kibana users who need to visualize the data, also assign the
kibana_userrole:-
If you’re using the
nativerealm, you can assign roles with the Management > Users UI in Kibana or through theuserAPI. For example, the following request grantsauditbeat_usertheauditbeat_readerandkibana_userroles:POST /_xpack/security/user/auditbeat_user { "password" : "YOUR_PASSWORD", "roles" : [ "auditbeat_reader","kibana_user"], "full_name" : "Auditbeat User" } -
If you’re using the LDAP, Active Directory, or PKI realms, you assign the roles in the
role_mapping.ymlconfiguration file. For example, the following snippet grantsAuditbeat Usertheauditbeat_readerandkibana_userroles:auditbeat_reader: - "cn=Auditbeat User,dc=example,dc=com" kibana_user: - "cn=Auditbeat User,dc=example,dc=com"
For more information, see Using Role Mapping Files.
-