Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Role Based Dashboard Access #14072

Closed
varunsharma27 opened this issue Sep 20, 2017 · 2 comments
Closed

Role Based Dashboard Access #14072

varunsharma27 opened this issue Sep 20, 2017 · 2 comments
Labels
Feature:Dashboard Dashboard related features Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! Team:Visualizations Visualization editors, elastic-charts and infrastructure

Comments

@varunsharma27
Copy link
Contributor

varunsharma27 commented Sep 20, 2017
edited
Loading

Features:-

  • Role Based Dashboard Access.
  • Role Based Visualization Access (Showing partial Dashboards).

Summary :-

  • Lets say there are 3 groups:- Sales, Accounting, Management. They visit a dashboard 'Report'.
  • We'd like each of them to see it in a different way, Sales have no use for all those nitpicky things that accounting would require and Accounting wouldn't really care about Sales target related visualizations. Management would probably want all details plus a few higher level visualizations showing the health of organization.

A direct solution would be to create different dashboards and use Own Home plugin somehow but this gets complicated when we have a lot of dashboards and the relationship is more tightly bound between them. Visualization level access would make a lot of sense then.

The best solution (According to me) would be :-
To have role based access to .kibana index (And fetching the details using user credentials, not kibana process 'master' credentials which currently in 5.4.1 it does, so we're fine) for dashboard and visualization types (At least) in elasticsearch and then kibana should behave accordingly (after handling 403s for a few visualizations + re-ordering). This would require some collaboration between ES and Kibana team.

I have already developed our own SSO/token-based security, for kibana and elasticsearch but this feature is not something that a plugin can address (AFAIK) and changes in kibana's code would be required. If you have some ideas then please share.

Moreover, I have seen that Kibana is great for developers but at an enterprise level it lacks severely. Access control granularity is almost non existent even in X-Pack. Do you have any plans to make it more enterprise ready? I'd be willing to give my input and even contribute.
@tylersmalley tylersmalley added the Feature:Dashboard Dashboard related features label Oct 3, 2017
@timroes timroes added :Sharing Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! labels Aug 8, 2018
@legrego
Copy link
Member

legrego commented Aug 29, 2018

You might be interested in the Spaces feature we are actively working on. This will let you organize your dashboards (and other saved objects) into "spaces", and with X-Pack Security, you'll be able to control who has access to individual spaces.

@timroes timroes added Team:Visualizations Visualization editors, elastic-charts and infrastructure and removed :Sharing labels Sep 14, 2018
@marius-dr
Copy link
Member

As @legrego mentioned, Spaces will cover this request. Closing this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature:Dashboard Dashboard related features Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! Team:Visualizations Visualization editors, elastic-charts and infrastructure
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@tylersmalley @timroes @legrego @marius-dr @varunsharma27