All geek questions in one place

Configuring multi-user mode with Kibana and Elasticsearch

I am going to use logstash + ES + kibana for my project. I want to know how to use this structure for several tenants. Can someone explain to me how, after authentication, Kibana requests an elastic search index and load on the Kibana dashboard? Can I restrict the kibana from looking for an Elastic search specificity index for a specific user or some identifier? Has anyone tried this?

Thnx

+6
source share
3 answers

You could, but depending on your use case, this is probably not a good idea. There are several errors, especially regarding security and user separation. The first Kibana is just javascript running in a browser. Therefore, no matter what Kibana allows, it is your user. However, you may have a separate index template for each "user", but elastic search does not provide you with any means of authenticating users or authorizing user access to a specific index. For this you will have to use some kind of proxy.

I recommend http://www.found.no/foundation/elasticsearch-in-production/ and http://www.found.no/foundation/elasticsearch-security/ for a more detailed explanation.

+4
source

Create an index for each tenant.

Thus, you can use a proxy (for example, the kibana host application) to intercept the request and return settings that include the index used.

The value indicating the index used can be registered by the user or you can get this value somewhere else.

To separate even more data, you can use a prefix in each index name, and then when you specify an index, you can use a template so that the entire index only binds to a specific type of data / entity.

I hope for this help.

+2
source

Elasticsearch today announced a plugin they are working on that should provide security features for the ES product. This will likely contain ways to restrict access based on roles and users set at the cluster and index level. If this happens, I see no way to not extend this level of security to Kibana. In addition, it seems that this plugin will only have a commercial version.

+1
source

Source: https://habr.com/ru/post/944782/

More articles:


All Articles