WARNING: Version 6.0 of Winlogbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Granting Users Access to Winlogbeat Indices
To enable users to access the indices a Winlogbeat creates, grant them read
and view_index_metadata privileges on the Winlogbeat indices:
- Create a role that has the read and view_index_metadata privileges for the Winlogbeat indices. You can create roles from the Management > Roles UI in Kibana or through the role API. For example, the following request creates a winlogbeat_reader role:

- Assign your users the reader role so they can access the Winlogbeat indices:

  - If you’re using the native realm, you can assign roles with the Management > Users UI in Kibana or through the user API. For example, the following request grants winlogbeat_user the winlogbeat_reader role:

        POST /_xpack/security/user/winlogbeat_user
        {
          "password" : "x-pack-test-password",
          "roles" : [ "winlogbeat_reader"],
          "full_name" : "Winlogbeat User"
        }

  - If you’re using the LDAP, Active Directory, or PKI realms, you assign the roles in the role_mapping.yml configuration file. For example, the following snippet grants Winlogbeat User the winlogbeat_reader role:

        winlogbeat_reader:
          - "cn=Winlogbeat User,dc=example,dc=com"

    For more information, see Using Role Mapping Files.
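A role-creation request of the kind the first step refers to, as an added example that is not part of the original page. It assumes the Winlogbeat indices match the pattern winlogbeat-* and uses the role API under the same /_xpack/security prefix as the user request above. The GET that follows reads the role back so you can confirm it carries only the two index privileges and no cluster privileges.

```console
# Added example, not from the original page.
# Assumption: your Winlogbeat indices match winlogbeat-*; adjust the
# pattern if you changed the index name in winlogbeat.yml.
POST /_xpack/security/role/winlogbeat_reader
{
  "indices": [
    {
      "names": [ "winlogbeat-*" ],
      "privileges": [ "read", "view_index_metadata" ]
    }
  ]
}

# Read the role back and check that "indices" lists only winlogbeat-*
# with read and view_index_metadata, and that "cluster" is empty.
GET /_xpack/security/role/winlogbeat_reader
```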