Contribution alignment and plans for "Dashboard only mode"?

Great to see this initiative here.

Do you have a rough roadmap for further features? How can community contributions be aligned properly (do you prefer GitHub issues)?

As a small enhancement, we see:
Making the Kibana more Business User friendly, something similar to “Dashboard only mode” in “Xpack”

Are there already plans for implementing this?

Best Regards
Andreas

2 Likes

Hi Andreas,

If you have specific feature requests, posting issues in GitHub is good so that we can mark them closed and link the PRs to the issues. Forums are good for discussion, brainstorming and getting help with technical issues - so not an issue to raise questions about features here.

On the Dashboard only request. Check out the built in “read-only role” for Kibana in Open Distro for Security. It should give you what you are looking for. Once applied, a user will see only their Dashboard tab, will be able to browse dashboards but not able to modify the dashboard or visualizations. Let us know if that works for your needs or if you have feedback.

Thanks!

1 Like

Dear Carlmead,

I just tried to create a new kibana user and assigned him the backend role : kibana_read_only (reserved role).

When I log with this new user, all tabs are available and no dashboards are listed in the dashboard tab.

Is it this reserved role you were talking about? What am I doing wrong? I know, in search guard I had to add a line in the kibana conf to activate this dashboard only mode.

Best regards,
Olivier

Thanks Carlmead. Creating a new role mapping for built-in role ‘kibana_read_only’ works. Now only the ‘Dashboard’ menu is shown.

One more question, because ‘Tenants’ seems to be a proprietary approach compared to ‘Spaces’: Do you have plans for a transition to the kibana standard ‘Spaces’ concept?

1 Like

Hi weand - Actually Spaces is not an open source feature but is covered by Elastic’s proprietary license, which doesn’t allow for re-distribution or modification - while Tenants via Open Distro for Elasticsearch is open sourced and licensed with an Apache 2.0 license. If there are usability or other functional improvements you would like to see in tenants, please feel free to log an issue: Issues · opendistro-for-elasticsearch/deprecated-security-advanced-modules · GitHub.

Thanks!

I did the same: created a new role mapping with Backend roles of a specific AD group, then I created my own role and specified a custom Index. As a result, only the dashboard menu (with all dashboards) is shown for users that are members of that AD group. Actually it is what I want, but the question is, how to limit dashboard views for those users?
Thanks

Create a Local user - mine is “dashboard”. Add backend roles:

kibanauser
readall

Create Role Mapping → kibana_read_only
→ under Users, add dashboard

Hope that helps. The “readall” backend role for the user implies that you can create a role for unique indices and use those to create dashboard users that have access to a limited set of indices.

Or… you can simply add the kibanaro user as a kibana_read_only user in Role Mappings

Thanks for the help, but I didn’t get it at all))
Could you please explain in more detail? Many thanks

Hi, in the newly released open distro version 1.0 there is no kibana_read_only role anymore. Could you please give us some tips on how to implement Dashboard only mode in the newest version? Thanks

1 Like

Hi, I have the same problem (with open distro version 1.0). Did you find a solution? Thanks.

I’ve started using the newer version 1.1.0, where it appears again.

I updated to version 1.2.0 and the issue is gone, thanks.

Now I log in as a user with ‘dashboard only mode role’ and another role that gives it the right to see a tenant. What is happening is that when I click on the ‘dashboard’ tab in this new tenant, I see this:

Which allows the user to see this dashboard called ‘New Dashboard’ that is not listed in the available dashboards list.

Does someone know why this is happening?

Thanks a lot.

2 Likes

Hi @rlk5546 Roger, @ogulman,

I have tried creating the role as you mentioned in the above steps. Just the dashboard icon is visible on the left navigation page. However, no dashboards are listed.

Steps I followed:

  1. Created a User called ‘test’
  2. Assigned the backend role ‘kibanaro’ to ‘test’
  3. Created a role mapping for ‘kibana_read_only’, Added the ‘test’

Version: 1.8.0/7.7.0

Am I missing something?

Thanks!

Hi, try to add kibana_user role to test user.

hi @GIanSilv,
I had the same issue, sometimes it proposes to create a new dashboard for users that had kibana_read_only role assigned, and if you click dashboard icon - the dashboards will be listed.
Currently, I don’t understand why it happens, if someone can explain it would be very nice to fix this. Thanks!

Hi @ogulman,

Thanks for your reply. I have added the role kibana_user to the test user. But still the dashboard list is empty. Tried adding both as Open Distro security role & Backend role.

Can you provide the steps that you’ve followed?

Now I have the following:
User: test
Open Distro Security Roles: kibana_user
Backend Roles: kibanauser, readall

Role mapping: kibana_read_only

{
  "backend_roles": [],
  "hosts": [],
  "users": [
    "test"
  ]
}

I guess that it’s related to the tenant; there is some default private and global tenant. Most probably you create your dashboards in the private tenant and for that reason, it’s not visible to the test user.
I’ve tried to create a local test user and assign [ kibana_user, kibana_read_only ] and the custom role that is linked to the custom tenant and I can view all dashboards (from the custom tenant) when logging in with the test user.

But there are no tenants configured in Kibana. There is only one tenant which is the default one.

How did you configure the [ kibana_user , kibana_read_only ] roles? As Open Distro Security Roles? Or Backend Roles?

As Open Distro Security Roles. I’m using elk 7.6.1 which is odfe-1.7.0.

Okay. I am using ODFE 1.8.0. Are there any breaking changes in terms of roles?