Granting access to Kibana
editGranting access to Kibana
editThe Elastic Stack comes with the kibana_admin
built-in role, which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges.
When you assign a user multiple roles, the user receives a union of the roles’ privileges. Therefore, assigning the kibana_admin
role in addition to a custom role that grants Kibana privileges is ineffective because kibana_admin
has access to all the features in all spaces.
Supporting multiple tenants
editThere are two approaches to supporting multi-tenancy in Kibana:
- Recommended: Create a space and a limited role for each tenant, and configure each user with the appropriate role. See Securing access to Kibana for more details.
-
[7.13.0] Deprecated in 7.13.0. In 8.0 and later, the
kibana.index
setting will no longer be supported. Set up separate Kibana instances to work with a single Elasticsearch cluster by changing thekibana.index
setting in yourkibana.yml
file.When using multiple Kibana instances this way, you cannot use the
kibana_admin
role to grant access. You must create custom roles that authorize the user for each specific instance.
Whichever approach you use, be careful when granting cluster privileges and index privileges. Both of these approaches share the same Elasticsearch cluster, and Kibana spaces do not prevent you from granting users of two different tenants access to the same index.