Multi-user Elastic Stack
(PRO)
This document will guide you through setting up your Elasticsearch and Kibana stack with ReadonlyREST such that:
3 users will be able to login into Kibana using their own set of credentials
All users will see the same Kibana dashboards, but may be seeing different subsets of the whole data contained in Elasticsearch.
Users and capabilities
For this tutorials, we want to have three users, each of them has a distinct access level to a shared Kibana tenancy (set of dashboards and settings).
Can create, edit, delete dashboards
✅
✅
Can change Kibana settings
✅
✅
Only sees logstash data from 2019
✅
Can see "add", "delete", "edit" buttons
✅
✅
"dev-tools" Kibana App is hidden
✅
✅
"readonlyrest" Kibana App is hidden
✅
NB: ReadonlyREST for Elastisearch and ReadonlyREST PRO for Kibana have an great amount of features like groups, connector for external systems like LDAP, etc. Don't forget to visit the full documentation and the forum to know more about it. NB: This guide works with ROR Enterprise as well.
Before you start
For the scope of this guide, we will assume:
You will have a functioning installation of Elasticsearch and Kibana
If you don't have the ROR PRO (or Enterprise) plugin for Kibana, get yourself a two weeks free trial build
Setup: the Elasticsearch side
On the same directory with your elasticsearch.yml
(default: config/
, create a file called readonlyrest.yml
and write the following settings into it.
Setup: the Kibana side
With ROR, we try as much as possible to keep all the settings withing the Elasticsearch domain. Therefore, you'll notice how few settings are needed on the Kibana side, apart from actually installing the plugin.
Open up config/kibana.yml
and add/edit the following settings:
Running
Fire up Elasticsearch
And then Kibana
Logging in
Now you are ready to point your browser to the Kibana server IP (defaulting on port 5601) and you should see a login prompt. You can login as any user i.e. "rw_usr", or "admin" and the password is always "dev".
Just remember to login with a RW user first, so Kibana can create its own default settings.
Last updated