Authorization
editAuthorization
editAuthorizing users to use Kibana in most configurations is as simple as assigning the user
either the kibana_user or kibana_dashboard_only_user reserved role. If you’re running
a single tenant of Kibana against your Elasticsearch cluster, this is sufficient and no other
action is required.
Multi-tenant Kibana
editWhen running multiple tenants of Kibana, and changing the kibana.index in your kibana.yml, you
must create custom roles that authorize the user for that specific tenant. You can use
either the Management / Security / Roles page in Kibana or the Kibana Role Management API
to assign a specific Kibana privilege at that tenant. After creating the
custom role, you should assign this role to the user(s) that you wish to have access.
Legacy roles
editPrior to Kibana 6.4, Kibana users required index privileges to the kibana.index
in Elasticsearch. This approach is deprecated starting in 6.4, and you will need to switch to using
Kibana privileges before 7.0. When a user logs into Kibana and they’re using
a legacy role, the following is logged to your Kibana logs:
<username> relies on index privileges on the Kibana index. This is deprecated and will be removed in Kibana 7.0
To disable legacy roles from being authorized in Kibana, set xpack.security.authorization.legacyFallback to false
in your kibana.yml.