Grant users access to secured resourcesedit
You can use role-based access control to grant users access to secured resources. The roles that you set up depend on your organization’s security requirements and the minimum privileges required to use specific features.
Packetbeat users typically perform these main roles: they do the initial setup, publish monitoring information, and publish events. If they’re using Kibana, they view and sometimes create visualizations that access Packetbeat indices.
X-Pack security provides pre-built roles that grant some of the privileges needed by Packetbeat users. When possible, use the built-in roles to minimize the affect of future changes on your security strategy.
For privileges not granted by existing roles, create new roles. At a minimum, create a role for setting up Packetbeat, a role for publishing events, and a role for reading Packetbeat indices. Assign these new roles, along with the pre-built roles, to grant the full set of privileges required by Packetbeat users.
The following sections describe the privileges and roles required to perform specific job roles.
Privileges needed for initial setupedit
Users who set up Packetbeat typically need to load mappings, dashboards, and other objects used to index data into Elasticsearch and visualize it in Kibana. The privileges required depend on the setup tasks users need to perform.
These instructions assume that you are using the default name for Packetbeat indices. If you are using a custom name, modify the privileges to match your index naming pattern.
| Task | Required privileges and roles |
|---|---|
Set up index templates |
|
|
|
|
|
Set up example dashboards |
|
Set up index lifecycle policies |
|
|
Privileges needed to publish and view monitoring informationedit
X-Pack security provides the packetbeat_system
built-in user and
packetbeat_system built-in
role for sending monitoring information. You can use the built-in user, or
create a user who has the privileges needed to send monitoring information.
If you use the packetbeat_system user, make sure you
set the password.
| Task | Required privileges and roles |
|---|---|
Send monitoring info |
|
Use Stack Monitoring in Kibana to monitor Packetbeat |
|
Privileges needed to publish eventsedit
Users who publish events to Elasticsearch need to create and read from Packetbeat indices. The privileges required for this role depend on the tasks users need to perform:
| Task | Required privileges and roles |
|---|---|
Send data to a secured cluster without index lifecycle management |
|
|
|
also requires privileges to set up index templates unless you’ve disabled automatic template loading |
|
Send data to a secured cluster that supports index lifecycle management |
|
|
Privileges needed by Kibana usersedit
Kibana users typically need to view dashboards and visualizations that contain Packetbeat data. These users might also need to create and edit dashboards and visualizations.
The privileges required for Kibana users depend on the tasks they need to perform:
| Task | Required privileges and roles |
|---|---|
View Packetbeat dashboards |
|
|
|
View and edit Packetbeat dashboards |
|
|
Learn more about users and rolesedit
Want to learn more about creating users and roles? See Securing the Elastic Stack. Also see:
- Security privileges for a description of available privileges
- Built-in roles for a description of roles that you can assign to users