Grant privileges and roles needed to read Auditbeat data from Kibana
editGrant privileges and roles needed to read Auditbeat data from Kibana
editKibana users typically need to view dashboards and visualizations that contain Auditbeat data. These users might also need to create and edit dashboards and visualizations.
To grant users the required privileges:
-
Create a reader role, called something like
auditbeat_reader
, that has the following privilege:Type Privilege Purpose Index
read
onauditbeat-*
indicesRead data indexed by Auditbeat
Spaces
Read
orAll
on Dashboards, Visualize, and DiscoverAllow the user to view, edit, and create dashboards, as well as browse data.
-
Assign the reader role, along with the following built-in roles, to users who need to read Auditbeat data:
Role Purpose monitoring_user
Allow users to monitor the health of Auditbeat itself. Only assign this role to users who manage Auditbeat.