I am using open distro for elasticsearch 13.2.1.
To prevent users with dashboard_only_user privileges from viewing edits and search items
What kind of authority should I grant?
I want to know if I can do it in the first place.
@daiki_1028 Can you please explain a bit more what you are trying to achieve (“viewing edits?”)? Also I assume you are using odfe 1.13.2?
You can prevent the users from editing the visualisation and saving them by mapping users to a read_only_role and additional role like below:
testRole1: index_permissions: - index_patterns: - 'test*' allowed_actions: - 'read' - index_patterns: - '.kibana*' allowed_actions: - 'read' cluster_permissions: - "cluster_composite_ops" tenant_permissions: - tenant_patterns: - 'global_tenant' allowed_actions: - 'kibana_all_read'
But the rest doesn’t seem to be possible
This is working in ES version of 6.8 and lower.
I have upgraded AWS ES service from 6.8 to 7.10.2 and started facing this issue on user which are already created.
In my case
Every user has 2 roles in ES v6.8
- Kibana Read Only
- Customize role with Document Level Security
Cluster permission is : cluster_composite_ops_ro
Indexes: ?kibana* and my own created index with DLS
It was working fine in v6.8. After upgrade to 7.10.2 it is NOT working.
Then, I added the same user to kibana_user role and it started working. but User now can do the CRUD on dashboards. Can go on creating visualisations. Which I don’t want and same things is mentioned above in screenshots by @daiki_1028
@Anthony Hi, This is Amit. I am replying from another user now as old user sending reply limit reached.( I can’t see older messages in this user account)
@Anthony As i said I am using the AWS managed service. So I don’t have control on the config files.
Also, If you check with ES v6.8 It require only 2 roles to map ( 1 kibana read only + 1 custom role) then why same thing is not working in ES v7,10,2
ES v7.10.2 makes compulsion on mapping the kibana_user role. Then only it started working( with CRUD issue of dashboard)
Why there is difference between 2 versions?
Can you please tell me how I can achieve dashboard only view in ESv7.10.2?
If you need I am ready to connect with you on google meet