Using Skedler with Document-level security from Search Guard

 Hello all,

We are using Elasticsearch and Kibana 6.2.2 with the Search Guard plugin for security, and we want to use Skedler for creating reports.

Since not all users are allowed to see every document in Elasticsearch indices, it is important for us that the users can log in to Skedler with their specific Kibana accounts and get the reports only on the basis of the data they are allowed to see.

Is something like that possible with Skedler? Or in other words: Is Skedler able to support the Document-level security feature from Search Guard?

Another question would be if Skedler supports the multitenancy feature from Search Guard.


Kind Regards

Tobi


Hi Tobi,


Thanks for contacting Skedler.


Yes! It's possible to have Search Guard Plugin security for users to log in with their specific Kibana account and get the reports only on the basis of the data they are allowed to see.


As of now, Search Guard Plugin with multitenancy is not an option with Skedler. But your requirement is noted.


Hope this helps.

 Hello all,

thanks for the reply. Sounds good so far.

But could you please explain how to configure Skedler to allow users to log on with their Kibana account? Right now I can only set one username and pwd for Skedler and Kibana each in the reporting.yml, and if both are different it seems that the Kibana username and pwd is ignored somehow.

I have set all the values mentioned in the documentation here: https://support.skedler.com/support/solutions/articles/8000061967-xpack-search-guard-kibana-plugin-configuration


So what is the correct way of achieving what I described in my first message?


Kind Regards

Tobi

Hello all,

thanks for the reply. Sounds good so far.

But could you please describe how to configure Skedler to make the above case possible? Right now I can only give one username and password for Skedler and one for Kibana in the reporting.yml. And I can only log in with the Skedler username and password. If I give a different username and pwd for Kibana it seems to be ignored.

What would be the correct way of achieving what I described in my first message?


Kind Regards

Tobi

Hi Tobi,


Thanks for contacting Skedler.


To configure Skedler and allow users to log on with their Kibana account, make sure the kibana_shield_plugin variable is set to yes and that the user has access to the .skedler and .kibana indices to view the dashboards they are allowed to view.


For Skedler to connect to ES to store the Skedler metadata, the user created in Kibana should have access to the .skedler index. Therefore, the following variables need to be configured and uncommented: skedler_elasticsearch_username and skedler_elasticsearch_password.


During the Skedler report generation process, Kibana needs access to ES, so the user created in Kibana should have access to the .kibana index. Therefore, the following variables need to be configured and uncommented: kibana_elasticsearch_username and kibana_elasticsearch_password.


Post that, provide the appropriate username and password in reporting.yml.


This is the technique to allow users to log on with their Kibana account.


However, if you have followed the above technique and are still facing issues, let us know if you see:


  • The Skedler login screen before accessing the Skedler UI.
  • Or no Skedler login screen appears?
  • Or the Skedler login failed with an error, like (Invalid username or password; .skedler index not configured or .kibana index not configured)


If you happen to face any of the above three issues, help us with your reporting.yml file and zipped skedler log folder to investigate further.


Hope this helps.
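
As an added example (not Skedler's own code and not part of the thread), a small check for the settings named in the reply above: it reports which of them are still commented out, missing or empty before you retry the login. It assumes reporting.yml uses plain `key: value` lines with `#` comments; the sample file content is constructed.

```python
import re

# Variables the support reply says must be configured and uncommented.
REQUIRED = (
    "skedler_elasticsearch_username",
    "skedler_elasticsearch_password",
    "kibana_elasticsearch_username",
    "kibana_elasticsearch_password",
)
# Assumed line shape: optional '#', key, ':', optional value.
LINE = re.compile(r"^\s*(#?)\s*([A-Za-z_]+)\s*:\s*(.*?)\s*$")

# Constructed sample input with placeholder credentials.
SAMPLE = """\
# constructed sample, not a real reporting.yml
kibana_shield_plugin: "yes"
skedler_elasticsearch_username: report_user
skedler_elasticsearch_password: "example-only"
#kibana_elasticsearch_username: report_user
kibana_elasticsearch_password:
"""


def check_reporting_yml(text):
    """Return a list of findings; an empty list means nothing is missing."""
    active, commented = {}, set()
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        hashed, key, value = m.groups()
        if hashed:
            commented.add(key)          # present, but disabled by '#'
        else:
            active[key] = value.strip("\"'")
    findings = []
    if active.get("kibana_shield_plugin", "").lower() != "yes":
        findings.append("kibana_shield_plugin is not set to yes")
    for key in REQUIRED:
        if active.get(key):
            continue
        if key in active:
            state = "empty"
        elif key in commented:
            state = "still commented out"
        else:
            state = "missing"
        findings.append(f"{key} is {state}")
    return findings


if __name__ == "__main__":
    for finding in check_reporting_yml(SAMPLE):
        print(finding)
```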

