How to prevent dashboard_only_user from editing or searching

daiki_1028 · April 26, 2021, 1:19pm

Hi.
Help me.
I am using open distro for elasticsearch 13.2.1.
To prevent users with dashboard_only_user privileges from viewing edits and search items
What kind of authority should I grant?
I want to know if I can do it in the first place.

Anthony · April 27, 2021, 8:45am

@daiki_1028 Can you please explain a bit more what you are trying to achieve (“viewing edits?”)? Also I assume you are using odfe 1.13.2?

daiki_1028 · May 24, 2021, 5:20am

tnx!
yes! i using version 1.13.2.

Dashboard-only users want to limit items in the red frame

Anthony · May 24, 2021, 8:47am

@daiki_1028
You can prevent the users from editing the visualisation and saving them by mapping users to a read_only_role and additional role like below:

testRole1:
  index_permissions:
    - index_patterns:
        - 'test*'
      allowed_actions:
        - 'read'
    - index_patterns:
        - '.kibana*'
      allowed_actions:
        - 'read'
  cluster_permissions:
    - "cluster_composite_ops"
  tenant_permissions:
    - tenant_patterns:
      - 'global_tenant'
      allowed_actions:
        - 'kibana_all_read'

But the rest doesn’t seem to be possible

AmitC · June 17, 2021, 11:49am

This is working in ES version of 6.8 and lower.

I have upgraded AWS ES service from 6.8 to 7.10.2 and started facing this issue on user which are already created.

In my case
Every user has 2 roles in ES v6.8

Kibana Read Only
Customize role with Document Level Security
Cluster permission is : cluster_composite_ops_ro
Indexes: ?kibana* and my own created index with DLS

It was working fine in v6.8. After upgrade to 7.10.2 it is NOT working.

Then, I added the same user to kibana_user role and it started working. but User now can do the CRUD on dashboards. Can go on creating visualisations. Which I don’t want and same things is mentioned above in screenshots by @daiki_1028

AmitCh · June 17, 2021, 7:04pm

@Anthony Hi, This is Amit. I am replying from another user now as old user sending reply limit reached.( I can’t see older messages in this user account)

@Anthony As i said I am using the AWS managed service. So I don’t have control on the config files.

Also, If you check with ES v6.8 It require only 2 roles to map ( 1 kibana read only + 1 custom role) then why same thing is not working in ES v7,10,2

ES v7.10.2 makes compulsion on mapping the kibana_user role. Then only it started working( with CRUD issue of dashboard)

Why there is difference between 2 versions?

Can you please tell me how I can achieve dashboard only view in ESv7.10.2?

If you need I am ready to connect with you on google meet

Thanks, Amit

Topic		Replies	Views
Kibana Create user that can only view Dashboards Open Source Elasticsearch and Kibana	2	4950	July 24, 2020
User creation - View only Dashboards Open Source Elasticsearch and Kibana	5	1283	September 14, 2020
User permissions to only view, modify and delete dashboards/visualizations without access to admin settings Security	6	1446	October 4, 2021
Trying to restrict access to users so they only have dashboard access only Security	5	31	October 31, 2024
Create user have read only permission ( query via dev tools ) Security	22	3334	May 25, 2023

How to prevent dashboard_only_user from editing or searching

Related topics