SearchGuard RBAC For User Controls On Menus & Dashboards in Kibana

Search Guard is a free and open source security plugin for Elasticsearch, while Kibana is an open source data visualization plugin for Elasticsearch. Kibana has a browser-based web interface that lets you create and share dynamic dashboards.

This article explains how to hide menus and dashboard controls in Kibana based on the user's role. You can refer to the files provided in this Link, copy them into the Search Guard plugin, and add the custom config to the kibana.yml file in the Kibana config folder.

Step 1: Install and Start Search Guard

Refer to the link below for Search Guard installation, then start the Kibana instance.

github.com/floragunncom/search-guard-kibana-plugin

Step 2: Hiding menus based on the user

You may want to give only particular users access to the menus. In that case, add a root class to the main body element in the Search Guard plugin and write CSS that toggles visibility based on the user's role. Follow the example below in 'enable_readonly.js'.

Example:

// Tag the page body for non-admin users so CSS can hide the side navigation
var body = document.querySelector('body');
if (authInfo.backend_roles.includes('admin') === false) {
    body.classList.add('hideSideNavbar');
}

Step 3: Defining Dashboards List Based on Role

If you want to display dashboards based on the role, follow Steps 3 and 4.

To control dashboards, add the custom config to the kibana.yml file through the Search Guard plugin, because custom configurations cannot be added directly in Kibana. Define the configuration by specifying a role and the list of dashboards that role can access, as shown below. You can add dashboards to or remove them from a role's list based on your requirements.

Example:

searchguard.dashBoardAccess: [
  {
    role: 'demouserrole', dashboards: ['Public Dashboard']
  }
]

After that, in the Search Guard plugin, define the dashBoardAccess parameter in the config of enable_readonly.js, then make the dashBoardAccess parameter global, because you need to read that list and display the dashboards based on it. Check the readOnlyResolver() function in the 'enable_readonly.js' file to see how to make it global.

Step 4: Hiding Dashboards Based on User Controls

Now you can access the dashboard controls list from the Kibana config file, as set up in Step 3.

To hide the dashboards in Kibana, go to the file dashboard_listing and, in the getPageOfItems() function, build the list of dashboards based on the user's role.

Example:

let dash = [];
const roleBasedDashboards = [];
// Admins are not filtered; other users only get the dashboards listed for their roles
if (loggeduserRoles.includes('admin') === false) {
  if (kibanaDashBoardAccessConfig) {
    // Collect the dashboard titles allowed for each of the user's roles
    kibanaDashBoardAccessConfig.forEach((value) => {
      loggeduserRoles.forEach((role) => {
        if (value.role === role) {
          dash.push(...value.dashboards);
        }
      });
    });
    // for removing duplicates
    dash = dash.filter((ele, index, self) => { return index === self.indexOf(ele); });
    // Keep only the saved dashboards whose title is in the allowed list
    this.state.dashboards.forEach((val) => {
      const title = val.title ? val.title : '';
      dash.forEach((allowedTitle) => {
        if (title && title === allowedTitle) {
          roleBasedDashboards.push(val);
        }
      });
    });
  }
}
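
The role-to-dashboard matching from Steps 3 and 4, written as a standalone function that can be tested outside Kibana. This is an added example, not code from the article or the Search Guard plugin: the function name, the second role and the sample data are hypothetical, and only the { role, dashboards } config shape and the 'admin' bypass come from the snippets above.

```javascript
// Added example: filterDashboardsByRole and the sample data are hypothetical.
// Constructed sample of the searchguard.dashBoardAccess value from kibana.yml.
const sampleAccessConfig = [
  { role: 'demouserrole', dashboards: ['Public Dashboard'] },
  { role: 'opsrole', dashboards: ['Public Dashboard', 'Ops Overview'] },
];

// Constructed sample of the saved dashboards held by the listing page.
const sampleDashboards = [
  { id: '1', title: 'Public Dashboard' },
  { id: '2', title: 'Ops Overview' },
  { id: '3', title: 'Finance' },
  { id: '4' }, // no title: never matches an allow-list entry
];

function filterDashboardsByRole(userRoles, accessConfig, dashboards) {
  const roles = Array.isArray(userRoles) ? userRoles : [];
  // Admins see everything, as in the article's snippets.
  if (roles.includes('admin')) {
    return dashboards.slice();
  }
  // Fail closed: a missing or malformed config yields an empty listing.
  if (!Array.isArray(accessConfig)) {
    return [];
  }
  // Union of the titles granted by every role the user holds.
  const allowed = new Set();
  for (const entry of accessConfig) {
    if (entry && roles.includes(entry.role) && Array.isArray(entry.dashboards)) {
      entry.dashboards.forEach((title) => allowed.add(title));
    }
  }
  return dashboards.filter((d) => Boolean(d.title) && allowed.has(d.title));
}

const titles = (list) => list.map((d) => d.title);
console.log(titles(filterDashboardsByRole(['demouserrole'], sampleAccessConfig, sampleDashboards)));
console.log(titles(filterDashboardsByRole(['demouserrole', 'opsrole'], sampleAccessConfig, sampleDashboards)));
console.log(filterDashboardsByRole(['demouserrole'], undefined, sampleDashboards).length);
```

This filters only what the listing renders in the browser; what a user can actually read is still decided by the Search Guard role permissions on the underlying indices.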