Update securing-spaces.asciidoc #26652

Closed
4 changes: 3 additions & 1 deletion docs/spaces/securing-spaces.asciidoc
Expand Up @@ -4,4 +4,6 @@

With security enabled, you can control who has access to specific spaces. You can manage access in **Management > Roles**.

image::spaces/images/securing-spaces.png["Securing spaces"]
image::spaces/images/securing-spaces.png["Securing spaces"]

Note that kibana ships with a built-in role called ```kibana_user``` which grants the **all** privilege as minimum access to all spaces. In order to restrict a user to only a subset of spaces, remember to not give the ```kibana_user``` role but but instead to create a custom scheme where new roles grant both Index Privileges **manage, read, index, delete** to the pattern ```.kibana*``` and the intended access to the correct subset of spaces.
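
Review bot: The added paragraph tells readers to grant the index privileges **manage, read, index, delete** on the pattern `.kibana*` as part of restricting a user to a subset of spaces, but index privileges apply to the whole index pattern rather than to individual spaces, so that half of the advice works against the restriction the paragraph is trying to document. Suggest dropping the index-privilege instruction and describing only a custom role that grants access to the intended spaces. Style points on the same line: "kibana" should be "Kibana", "but but" is duplicated, and the triple backticks around `kibana_user` and `.kibana*` are Markdown fencing, whereas AsciiDoc inline literals take single backticks. The `image::` line also shows as removed and re-added with no visible difference, which suggests a whitespace or end-of-file newline change that could be left out of the patch.
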
Contributor

We actually don't want to be creating roles with direct index access anymore, and should be recommending using the Kibana Privileges.

Contributor Author

@kobelb The built-in Kibana roles grant access to all spaces, so it's a circular argument for the person who wants to restrict some spaces for some users. I'm not sure what to suggest.

Contributor

Apologies for the confusion, I was attempting to suggest that we reword the following phrasing:

but but instead to create a custom scheme where new roles grant both Index Privileges manage, read, index, delete to the pattern .kibana* and the intended access to the correct subset of spaces.

but instead create a custom role that grants access to the correct subset of spaces using the role's Kibana privileges.

Contributor

This is the section of the role page, which we refer to as the "Kibana privileges":

screen shot 2018-12-06 at 10 38 05 am