You can use role-based access control to grant users access to secured resources. The roles that you set up depend on your organization’s security requirements and the minimum privileges required to use specific features.
Typically you need to create the following separate roles:
- setup role for setting up index templates and other dependencies
- monitoring role for sending monitoring information
- writer role for publishing events collected by Winlogbeat
- reader role for Kibana users who need to view and create visualizations that access Winlogbeat data
Elasticsearch security features provide built-in roles that grant a subset of the privileges needed by Winlogbeat users. When possible, use the built-in roles to minimize the effect of future changes on your security strategy.
Instead of using usernames and passwords, roles and privileges can be assigned to API keys to grant access to Elasticsearch resources. See Grant access using API keys for more information.
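As an added illustration (not part of the original documentation), the following Python sketch builds the request body for the Elasticsearch `POST /_security/api_key` API with a writer-style role descriptor, and refuses to build it when the descriptor is broader than a publishing-only identity needs. The privilege set, the `winlogbeat-*` index pattern, the key name, and the helper names are assumptions chosen for the example; adjust them to your deployment.

```python
import json

# Assumed least-privilege descriptor for the writer role (not listed on this page).
WRITER_ROLE = {
    "cluster": ["monitor", "read_ilm", "read_pipeline"],
    "index": [{
        "names": ["winlogbeat-*"],
        "privileges": ["view_index_metadata", "create_doc", "auto_configure"],
    }],
}

# Privileges a publishing-only identity should not need (example deny-list).
BROAD_CLUSTER = {"all", "manage", "manage_security"}
BROAD_INDEX = {"all", "manage", "delete", "delete_index", "write"}


def audit_descriptor(name, desc, allowed_prefix="winlogbeat-"):
    """Return a list of findings for one role descriptor; empty means clean."""
    findings = []
    for priv in desc.get("cluster", []):
        if priv in BROAD_CLUSTER:
            findings.append(f"{name}: broad cluster privilege '{priv}'")
    for entry in desc.get("index", []):
        for pattern in entry.get("names", []):
            if not pattern.startswith(allowed_prefix):
                findings.append(f"{name}: index pattern '{pattern}' outside {allowed_prefix}*")
        for priv in entry.get("privileges", []):
            if priv in BROAD_INDEX:
                findings.append(f"{name}: broad index privilege '{priv}'")
    return findings


def api_key_request(key_name, descriptors):
    """Build the JSON body for POST /_security/api_key, rejecting over-broad roles."""
    findings = [f for n, d in descriptors.items() for f in audit_descriptor(n, d)]
    if findings:
        raise ValueError("; ".join(findings))
    return json.dumps({"name": key_name, "role_descriptors": descriptors}, indent=2)


if __name__ == "__main__":
    # Constructed key name; prints the body you would send to Elasticsearch.
    print(api_key_request("winlogbeat_host001", {"winlogbeat_writer": WRITER_ROLE}))
```
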