Granting access to Kibana
The Elastic Stack comes with the kibana_admin
built-in role, which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges.
When you assign a user multiple roles, the user receives a union of the roles’ privileges. Therefore, assigning the kibana_admin
role in addition to a custom role that grants Kibana privileges is ineffective because kibana_admin
has access to all the features in all spaces.
When running multiple tenants of Kibana by changing the kibana.index
in your kibana.yml
, you cannot use kibana_admin
to grant access. You must create custom roles that authorize the user for that specific tenant. Although multi-tenant installations are supported, the recommended approach to securing access to Kibana segments is to grant users access to specific spaces.