Role Based Dashboard Access #14072
Labels
Feature:Dashboard
Dashboard related features
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Team:Visualizations
Visualization editors, elastic-charts and infrastructure
Features:-
Summary :-
A direct solution would be to create different dashboards and use Own Home plugin somehow but this gets complicated when we have a lot of dashboards and the relationship is more tightly bound between them. Visualization level access would make a lot of sense then.
The best solution (According to me) would be :-
To have role based access to .kibana index (And fetching the details using user credentials, not kibana process 'master' credentials which currently in 5.4.1 it does, so we're fine) for dashboard and visualization types (At least) in elasticsearch and then kibana should behave accordingly (after handling 403s for a few visualizations + re-ordering). This would require some collaboration between ES and Kibana team.
I have already developed our own SSO/token-based security, for kibana and elasticsearch but this feature is not something that a plugin can address (AFAIK) and changes in kibana's code would be required. If you have some ideas then please share.
Moreover, I have seen that Kibana is great for developers but at an enterprise level it lacks severely. Access control granularity is almost non existent even in X-Pack. Do you have any plans to make it more enterprise ready? I'd be willing to give my input and even contribute.
The text was updated successfully, but these errors were encountered: