Locking down Kibana

#1

I have implemented JWT with a fallback to HTTP and it’s working for both Elasticsearch and Kibana.

I am now looking at how I can lock this down further, but so far I have struggled to get my head around permissions. Is it possible to implement the following:

A user that can only access Elasticsearch and will be denied authentication to Kibana.

#2

You can use the Kibana_read_only role to take away everything but Dashboards, and if they do not have any Dashboards in, they will not be able to see anything - but this is a good feature request. I would also like to see the ability to grant and restrict access to Kibana features by Role (Console Access, Index Management, etc.).

I went ahead and created an issue for this here: https://github.com/opendistro-for-elasticsearch/security/issues/45

Feel free to +1 or further comment on the request.

#3

Thank you for taking the time to look into this, and creating the Issue on git. I have +1’d and added some additional information.