I’m looking for a set of permissions that’s looser than using
opendistro_security.readonly_mode.roles, but will prevent users from changing things under Stack Management. I haven’t figured out a way to keep people from changing the global settings like the Index Patterns or the timezone for date formatting.
Ideally they’d only be able to use Discover, Dashboard, and Visualize under the Kibana app. Using the
readonly_mode only allows access to Dashboard, which means users can’t (edit: forgot the 't) see the actual loglines as they are coming in to the system.
I’d settle for something that just allows access to Discover, or a Dashboard that can show all of the fields parsed from a logline.