- Kibana Guide: other versions:
- What is Kibana?
- What’s new in 8.17
- Kibana concepts
- Quick start
- Set up
- Install Kibana
- Configure Kibana
- AI Assistant settings
- Alerting and action settings
- APM settings
- Banners settings
- Cases settings
- Enterprise Search settings
- Fleet settings
- i18n settings
- Logging settings
- Logs settings
- Metrics settings
- Monitoring settings
- Reporting settings
- Search sessions settings
- Secure settings
- Security settings
- Spaces settings
- Task Manager settings
- Telemetry settings
- URL drilldown settings
- Start and stop Kibana
- Access Kibana
- Securing access to Kibana
- Add data
- Upgrade Kibana
- Configure security
- Configure reporting
- Configure logging
- Configure monitoring
- Command line tools
- Production considerations
- Discover
- Dashboards
- Canvas
- Maps
- Build a map to compare metrics by country or region
- Track, visualize, and alert on assets in real time
- Map custom regions with reverse geocoding
- Heat map layer
- Tile layer
- Vector layer
- Plot big data
- Search geographic data
- Configure map settings
- Connect to Elastic Maps Service
- Import geospatial data
- Troubleshoot
- Reporting and sharing
- Machine learning
- Graph
- Alerting
- Observability
- Search
- Security
- Dev Tools
- Fleet
- Osquery
- Stack Monitoring
- Stack Management
- Cases
- Connectors
- Amazon Bedrock
- Cases
- CrowdStrike
- D3 Security
- Google Gemini
- IBM Resilient
- Index
- Jira
- Microsoft Teams
- Observability AI Assistant
- OpenAI
- Opsgenie
- PagerDuty
- SentinelOne
- Server log
- ServiceNow ITSM
- ServiceNow SecOps
- ServiceNow ITOM
- Swimlane
- Slack
- TheHive
- Tines
- Torq
- Webhook
- Webhook - Case Management
- xMatters
- Preconfigured connectors
- License Management
- Maintenance windows
- Manage data views
- Numeral Formatting
- Rollup Jobs
- Manage saved objects
- Security
- Spaces
- Advanced Settings
- Tags
- Upgrade Assistant
- Watcher
- REST API
- Get features API
- Kibana spaces APIs
- Kibana role management APIs
- User session management APIs
- Saved objects APIs
- Data views API
- Index patterns APIs
- Alerting APIs
- Action and connector APIs
- Cases APIs
- Import and export dashboard APIs
- Logstash configuration management APIs
- Machine learning APIs
- Osquery manager API
- Short URLs APIs
- Get Task Manager health
- Upgrade assistant APIs
- Synthetics APIs
- Uptime APIs
- Kibana plugins
- Troubleshooting
- Accessibility
- Release notes
- Upgrade notes
- Kibana 8.17.1
- Kibana 8.17.0
- Kibana 8.16.3
- Kibana 8.16.2
- Kibana 8.16.1
- Kibana 8.16.0
- Kibana 8.15.5
- Kibana 8.15.4
- Kibana 8.15.3
- Kibana 8.15.2
- Kibana 8.15.1
- Kibana 8.15.0
- Kibana 8.14.3
- Kibana 8.14.2
- Kibana 8.14.1
- Kibana 8.14.0
- Kibana 8.13.4
- Kibana 8.13.3
- Kibana 8.13.2
- Kibana 8.13.1
- Kibana 8.13.0
- Kibana 8.12.2
- Kibana 8.12.1
- Kibana 8.12.0
- Kibana 8.11.4
- Kibana 8.11.3
- Kibana 8.11.2
- Kibana 8.11.1
- Kibana 8.11.0
- Kibana 8.10.4
- Kibana 8.10.3
- Kibana 8.10.2
- Kibana 8.10.1
- Kibana 8.10.0
- Kibana 8.9.2
- Kibana 8.9.1
- Kibana 8.9.0
- Kibana 8.8.2
- Kibana 8.8.1
- Kibana 8.8.0
- Kibana 8.7.1
- Kibana 8.7.0
- Kibana 8.6.1
- Kibana 8.6.0
- Kibana 8.5.2
- Kibana 8.5.1
- Kibana 8.5.0
- Kibana 8.4.3
- Kibana 8.4.2
- Kibana 8.4.1
- Kibana 8.4.0
- Kibana 8.3.3
- Kibana 8.3.2
- Kibana 8.3.1
- Kibana 8.3.0
- Kibana 8.2.3
- Kibana 8.2.2
- Kibana 8.2.1
- Kibana 8.2.0
- Kibana 8.1.3
- Kibana 8.1.2
- Kibana 8.1.1
- Kibana 8.1.0
- Kibana 8.0.0
- Kibana 8.0.0-rc2
- Kibana 8.0.0-rc1
- Kibana 8.0.0-beta1
- Kibana 8.0.0-alpha2
- Kibana 8.0.0-alpha1
- Developer guide
Kibana role management
editKibana role management
editRoles are a collection of privileges that allow you to perform actions in Kibana and Elasticsearch. Users are not directly granted privileges, but are instead assigned one or more roles that describe the desired level of access. When you assign a user multiple roles, the user receives a union of the roles’ privileges. This means that you cannot reduce the privileges of a user by assigning them an additional role. You must instead remove or edit one of their existing roles.
To create a role, open the menu, then click Stack Management > Roles and click Create role.
Required permissions
editThe manage_security
cluster privilege is required to access role management.
Cluster privileges
editCluster privileges grant access to monitoring and management features in Elasticsearch. They also enable Stack Management capabilities in Kibana.
Refer to cluster privileges for a complete description of available options.
Index privileges
editEach role can grant access to multiple data indices, and each index can have a different set of privileges.
We recommend granting the read
and view_index_metadata
privileges to each index that you expect your users to work with in Kibana.
Refer to index privileges for a complete description of available options.
Document-level and field-level security affords you even more granularity when it comes to granting access to your data. With document-level security (DLS), you can write an Elasticsearch query to describe which documents this role grants access to. With field-level security (FLS), you can instruct Elasticsearch to grant or deny access to specific fields within each document.
Example: Grant access to indices that match the filebeat-*
pattern
edit- Go to Stack Management > Roles, and then click Create role.
-
In Index privileges, enter:
-
filebeat-*
in the Index field. -
read
andview_index_metadata
in the Privileges field.
-
Example: Grant read access to specific documents in indices that match the filebeat-*
pattern
editDocument-level security is a subscription feature.
- Go to Stack Management > Roles, and then click Create role.
-
In Index privileges, enter:
-
filebeat-*
in the Indices field. -
read
andview_index_metadata
in the Privileges field.
-
- Select Grant read privileges to specific documents.
-
Enter an Elasticsearch query that matches the documents your users should access. This example writes a query that allows access to documents that have a
category
field equal toclick
:{ "match": { "category": "click" } }
Kibana automatically surrounds your DLS query with a
query
block, so you don’t have to provide your own.
Remote index privileges
editIf you have at least a platinum license, you can manage access to indices in remote clusters.
You can assign the same privileges, document-level, and field-level as for local index privileges.
Example: Grant access to indices in remote clusters
edit- Go to Stack Management > Roles, and then click Create role.
-
In Remote index privileges, enter:
- The name of your remote cluster in the Remote clusters field.
- The name of the index in your remote cluster in the Remote indices field.
-
The allowed actions in the Privileges field. (e.g.
read
andview_index_metadata
)
Kibana privileges
editTo assign Kibana privileges to the role, click Add Kibana privilege in the Kibana section.
Open the Spaces selection control to specify whether to grant the role access to all spaces All Spaces or one or more individual spaces. If you select All Spaces, you can’t select individual spaces until you clear your selection.
Use the Privilege menu to grant access to features. The default is Custom, which you can use to grant access to individual features. Otherwise, you can grant read and write access to all current and future features by selecting All, or grant read access to all current and future features by selecting Read.
When using the Customize by feature option, you can choose either All, Read or None for access to each feature. As new features are added to Kibana, roles that use the custom option do not automatically get access to the new features. You must manually update the roles.
Stack Monitoring relies on built-in roles to grant access. When a user is assigned the appropriate roles, the Stack Monitoring application is available; otherwise, it is not visible.
To apply your changes, click Add Kibana privilege. The privilege shows up under the Kibana privileges section of the role.
Feature availability
editFeatures are available to users when their roles grant access to the features, and those features are visible in their current space. The following matrix explains when features are available to users when controlling access via spaces and role-based access control:
Spaces config | Role config | Result |
---|---|---|
Feature hidden |
Feature disabled |
Feature not available |
Feature hidden |
Feature enabled |
Feature not available |
Feature visible |
Feature disabled |
Feature not available |
Feature visible |
Feature enabled |
Feature available |
Assigning different privileges to different spaces
editUsing the same role, it’s possible to assign different privileges to different spaces. After you’ve added privileges, click Add Kibana privilege. If you’ve already added privileges for either All Spaces or an individual space, you will not be able to select these in the Spaces selection control.
Additionally, if you’ve already assigned privileges at All Spaces, you are only able to assign additional privileges to individual spaces. Similar to the behavior of multiple roles granting the union of all privileges, Kibana privileges are also a union. If you’ve already granted the user the All privilege at All Spaces, you’re not able to restrict the role to only the Read privilege at an individual space.
Example 1: Grant all access to Dashboard at an individual space
edit- Click Add Kibana privilege.
- For Spaces, select an individual space.
- For Privilege, leave the default selection of Custom.
- For the Dashboard feature, select All
- Click Add Kibana privilege.
Example 2: Grant all access to one space and read access to another
edit- Click Add Kibana privilege.
- For Spaces, select the first space.
- For Privilege, select All.
- Click Add Kibana privilege.
- For Spaces, select the second space.
- For Privilege, select Read.
- Click Add Kibana privilege.
Example 3: Grant read access to all spaces and write access to an individual space
edit- Click Add Kibana privilege.
- For Spaces, select All Spaces.
- For Privilege, select Read.
- Click Add Kibana privilege.
- For Spaces, select the individual space.
- For Privilege, select All.
- Click Add Kibana privilege.
On this page
- Required permissions
- Cluster privileges
- Index privileges
- Example: Grant access to indices that match the
filebeat-*
pattern - Example: Grant read access to specific documents in indices that match the
filebeat-*
pattern - Remote index privileges
- Example: Grant access to indices in remote clusters
- Kibana privileges
- Feature availability
- Assigning different privileges to different spaces
- Privilege summary
- Example 1: Grant all access to Dashboard at an individual space
- Example 2: Grant all access to one space and read access to another
- Example 3: Grant read access to all spaces and write access to an individual space