- Xpack Security for Elasticsearch 7 and Kibana 7
- Xpack Security for Elasticsearch 6 and Kibana 6
- Xpack Security for Elasticsearch 5 and Kibana 5
Xpack Security for Elasticsearch 7 and Kibana 7
Skedler Reports user role should have the following privileges on configured with Xpack:
Cluster Privileges - monitor
User Indices Privileges - read, view_index_metadata
Index Privileges - .skedler* - all
Index Privileges - .kibana* - all
If you use kibana spaces then provide necessary Privileges for the configured spaces, else give Privileges to the Default space.
Spaces - Default - All
You can set up the Skedler Reports user role privileges in your kibana UI under Management > Security > Role. as shown below
Xpack Security for Elasticsearch 6 and Kibana 6
If Xpack is used skedler role require the following privileges, refer the screenshot given below
Cluster Privileges - monitor
Indices Privileges - read and write
Xpack Security for Elasticsearch 5 and Kibana 5
If Xpack is used skedler role require the following privileges, refer the screenshot given below
Cluster Privileges - monitor
Indices Privileges - read and write
Shield configuration for Elasticsearch version below 5
Scenario 1
Kibana managers need access to dataindex: 1 and 2.
Kibana Users should have access only to dataindex: 1.
Skedler generates reports based on user permission for dataindex and Skedler requires permission to ‘.kibana’ index for discovery.
Assuming shield is configured for kibana as follows,
1. For example, if you have both kibana_manager and kibana_user roles, and Skedler index configured for both the roles.
2. Once the configured roles have full permission to access the data index, Skedler can discover all the dashboards and searches from kibana. You can preview or generate report for dashboards and searches for the configured dataindex.
3. If (a) kibana_manager role has full permission to access ‘.kibana’ 'dataindex1' 'dataindex2' and ‘.skedler’ index. Skedler can discover all the dashboards and searches from kibana. You can preview or generate report for all dashboards and searches from 'dataindex1' and 'dataindex2'.
a) The required permissions for kibana_manager.
kibana_manager:
Cluster:
- cluster:monitor/nodes/info
- cluster:monitor/health
- cluster:monitor/state
indices:
'*':
- indices:data/read/field_stats
'.kibana':
- indices:admin/exists
- indices:admin/mapping/put
- indices:admin/mappings/fields/get
- indices:admin/refresh
- indices:admin/validate/query
- indices:admin/get
- indices:admin/create
- indices:data/read/msearch
- indices:data/read/get
- indices:data/read/mget
- indices:data/read/search
- indices:data/write/delete
- indices:data/write/index
- indices:data/write/update
'dataindex1':
- indices:admin/exists
- indices:admin/mappings/fields/get
- indices:admin/refresh
- indices:admin/validate/query
- indices:admin/create
- indices:admin/get
- indices:data/read/msearch
- indices:data/read/get
- indices:data/read/mget
- indices:data/read/search
- indices:data/write/index
'.skedler':
- indices:admin/exists
- indices:admin/mapping/put
- indices:admin/mappings/fields/get
- indices:admin/refresh
- indices:admin/validate/query
- indices:admin/get
- indices:admin/create
- indices:data/read/count
- indices:data/read/msearch
- indices:data/read/get
- indices:data/read/mget
- indices:data/read/search
- indices:data/write/delete
- indices:data/write/index
- indices:data/write/update
4. Set the skedler_elasticsearch_username and skedler_elasticsearch_password properties in reporting.yml with the Shield username and password created for kibana_manager or kibana_user role as required.
5. Set the kibana_elasticsearch_username and kibana_elasticsearch_password properties in reporting.yml with the Shield username and password created for kibana_manager or kibana_user role as required.
Scenario 2
1. Create a role for Skedler and provide full access to “.skedler” index and “.kibana” index. Include the below content for the Skedler role in roles.yml. For e.g., for the role the configuration added in roles.yml should be as given below (.kibana index, .skedler index and the dataindex):
Skedler:
Cluster:
· cluster:monitor/nodes/info
· cluster:monitor/health
· cluster:monitor/state
indices:
'*':
· indices:admin/mappings/fields/get
· indices:admin/validate/query
· indices:data/read/search
· indices:data/read/msearch
· indices:admin/get
'.kibana':
· indices:admin/exists
· indices:admin/mapping/put
· indices:admin/mappings/fields/get
· indices:admin/refresh
· indices:admin/validate/query
· indices:data/read/get
· indices:data/read/mget
· indices:data/read/search
· indices:data/write/delete
· indices:data/write/index
· indices:data/write/update
· indices:admin/create
'.skedler':
· indices:admin/exists
· indices:admin/mapping/put
· indices:admin/mappings/fields/get
· indices:admin/refresh
· indices:admin/validate/query
· indices:data/read/get
· indices:data/read/mget
· indices:data/read/search
· indices:data/read/count
· indices:data/write/delete
· indices:data/write/index
· indices:data/write/update
· indices:admin/create
2. Use the command elasticsearch/bin/shield/esusers roles skedler username -a skedler to create a user for the role Skedler.
3. Set the skedler_elasticsearch_username and skedler_elasticsearch_password properties in reporting.yml with the Shield username and password created for skedler role as shown:
4. Set the kibana_elasticsearch_username and kibana_elasticsearch_password properties in reporting.yml with the Shield username and password created for skedler role as shown:
Kibana Shield Plugin Configuration
On successfully installing the shield plugin in Kibana, the Login page is displayed when accessing Kibana.
To make the Shield plugin in Kibana work in Skedler, set the variable kibana_shield_plugin to Yes in skedler_home/config/reporting.yml. By default, the variable value is set as No.
The Shield Configuration variable must be set. Follow the steps in the Shield Configuration section for more information.
1. On configuring the Shield variables, the Login page is displayed.
2. Enter Kibana login credentials in the username and password field, and click Login. The Skedler Homepage is displayed on successfully logging in.
3. To logout, click Logout icon in the Skedler Homepage.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article