Dashboard Only & Tenancy in 1.3

Hi,

I am trying to create dashboard only mode in 1.3 ,

Custom Roles:

dashboard_only
{
      "index_permissions": [
        {
          "index_patterns": [
            "index1-*"
          ],
          "dls": "",
          "fls": [],
          "masked_fields": [],
          "allowed_actions": [
            "kibana_all_read"
          ]
        }
      ],
      "tenant_permissions": [
        {
          "tenant_patterns": [
            "dashboard_tenant"
          ],
          "allowed_actions": [
            "kibana_all_read"
          ]
        }
      ],
      "cluster_permissions": []
    }

User :

user1
{
  "backend_roles": [],
  "attributes": {},
  "opendistro_security_roles": [
    "dashboard_only"
  ],
  "password": ""
}

role mapping :

{
  "backend_roles": [],
  "hosts": [],
  "users": [
    "user1"
  ]
}

I see there are two problems with this :

  • All options in left menu are visible - but it is displaying a warning of “read only”. saw few posts on the instructions , but it is not working out in 1.3
  • Global & Private tenants are visible as well , is there a way to disable these for specific users as user was able to switch out of the tenant.

Thanks

HI MKiran,

Solution for Problem 1: Make sure that you set the Index Single permissions(Read) as well in the Role page. Also, Solution 2 will solve this problem as well.

Solution for problem 2: Yes. you can disable Global and Private tenants using the following config in “kibana.yml”

opendistro_security.multitenancy.tenants.enable_global: false
opendistro_security.multitenancy.tenants.enable_private: false

Hi @shan,

I tried adding “read” to he index permission but it is still same result with all the options enabled.

dashboard_only
{
      "index_permissions": [
        {
          "index_patterns": [
            "index1-*"
          ],
          "dls": "",
          "fls": [],
          "masked_fields": [],
          "allowed_actions": [
            "kibana_all_read","read"
          ]
        }
      ],
      "tenant_permissions": [
        {
          "tenant_patterns": [
            "dashboard_tenant"
          ],
          "allowed_actions": [
            "kibana_all_read"
          ]
        }
      ],
      "cluster_permissions": []
    }

Can you please share sample json that is working for you.

Thaks

HI Kiran,

You are missing cluster level permission. if you set the cluster level Action groups to “CLUSTER_COMPOSITE_OPS_RO” will solve the problem. This config will disable the Management menu. If you want to disable any other menu then you can disable it using kibana.yml.

{
“index_permissions”: [
{
“index_patterns”: [
“{index_name}*”
],
“dls”: “”,
“fls”: ,
“masked_fields”: ,
“allowed_actions”:
}
],
“tenant_permissions”: [
{
“tenant_patterns”: [
“analyst_tenant”
],
“allowed_actions”: [
“kibana_all_read”
]
}
],
“cluster_permissions”: [
“cluster_composite_ops_ro”
]
}

Thanks

Hi Shan,

tried , no luck :frowning:

still every thing is visible.