SearchGuard RBAC For Managing User Access Control in Kibana

Search Guard is a free and open source security plugin for Elasticsearch, whereas Kibana is an open source data visualization tool for Elasticsearch. Kibana has a browser-based web interface that lets you create and share dynamic dashboards.

This article is about controlling access to Kibana modules based on the user's role in Search Guard. You can refer to the files provided in this Link and copy those files into the Search Guard plugin.

Step 1: Install and Start Search Guard

Please refer to the link below for Search Guard installation, and then start the Kibana instance.

github.com/floragunncom/search-guard-kibana-plugin

Step 2: Defining Modules Based on the User

To manage access controls, we first need the user details and the list of modules that the user can access. For that, create a list of unauthorized modules in the Search Guard plugin by creating a config file at the backend level. Define the module list as below:

Eg:
const restrictedUrls = [
    'visualize',
    'visualization',
    'discover',
    'dev_tools',
    'management'
];

Step 3: Accessing modules Based on the User

After authentication (post-auth), verify whether the user is authorized to access the module, and redirect the user to the login page if not. To do that, get the logged-in user's details and the unauthorized modules list, check the request against that list, and if the user is not authorized to access the module, redirect to the login page.

// Runs after authentication for every request
server.ext('onPostAuth', async function (request, next) {
    try {
        if (request.auth && request.auth.isAuthenticated) {
            // Ask the Search Guard backend who the logged-in user is
            const authinfo = await server.plugins.searchguard.getSearchGuardBackend().authinfo(request.headers);
            const requestPath = request.url.path;
            const roles = authinfo ? authinfo.backend_roles : '';
            // restrictedUrls is the module list defined in Step 2
            restrictedUrls.forEach((element) => {
                if (roles.includes('admin') === false) {
                    if (requestPath.includes(element)) {
                        // Static resources are exempt from the check
                        if (!requestPath.includes('index.css') && !requestPath.includes('bundles') && !requestPath.includes('assets')) {
                            // Clear the session so the user has to log in again
                            request.auth.session.clear();
                        }
                    }
                }
            });
        }
    } catch (err) {
        console.log('err', err);
    }
    return next.continue();
});
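
The Step 3 check written as a standalone function, as an added example (not code from this article or from Search Guard): it matches module names against whole path segments instead of substrings, and denies the request when the roles or the path cannot be read. The function names, the static-file rules and the sample paths are assumptions made for illustration.

```javascript
// Added example: every name here is hypothetical, not a Search Guard or Kibana API.
const RESTRICTED_MODULES = ['visualize', 'visualization', 'discover', 'dev_tools', 'management'];
// Assumption: static files live under these top-level directories or have this file name.
const STATIC_ROOTS = ['bundles', 'assets'];
const STATIC_FILES = ['index.css'];

// Split a request path into decoded, lower-cased segments, ignoring the query
// string and fragment. Returns null if a segment cannot be decoded.
function pathSegments(requestPath) {
  const pathOnly = String(requestPath).split(/[?#]/, 1)[0];
  try {
    return pathOnly.split('/').filter(Boolean)
      .map((segment) => decodeURIComponent(segment).toLowerCase());
  } catch (err) {
    return null;
  }
}

// True when the request targets a restricted module and the user is not an admin.
function isRestricted(requestPath, authinfo, modules = RESTRICTED_MODULES) {
  // Only an array of roles is trusted; a missing or malformed value means "no roles".
  const roles = authinfo && Array.isArray(authinfo.backend_roles) ? authinfo.backend_roles : [];
  if (roles.includes('admin')) return false;

  const segments = pathSegments(requestPath);
  if (segments === null) return true; // fail closed on an undecodable path

  const isStatic = STATIC_ROOTS.includes(segments[0]) ||
    STATIC_FILES.includes(segments[segments.length - 1]);
  if (isStatic) return false;

  // Whole-segment match: "management" matches /app/management, not /app/management-report.
  return segments.some((segment) => modules.includes(segment));
}

// Constructed sample requests (not captured traffic).
const executive = { backend_roles: ['executive'] };
const samples = [
  '/app/kibana/discover',
  '/bundles/discover.bundle.js',
  '/api/reports?title=management',
  '/app/%zz',
];
const decisions = samples.map((p) => [p, isRestricted(p, executive)]);
console.log(decisions);
```

Inside the `onPostAuth` handler this would be called as `isRestricted(request.url.path, authinfo)`. A check like this only restricts Kibana routes; access to the data itself is still decided by the Search Guard roles on Elasticsearch.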