NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.
By default, all users can change their own passwords, get information about
themselves, and run the
authenticate API. If you want them to do more than
that, you need to give them one or more roles.
Each role defines a specific set of actions (such as read, create, or delete) that can be performed on specific secured resources (such as indices, aliases, documents, fields, or clusters). To help you get up and running, there are built-in roles.
Go to the Management / Security / Roles page to see them:
Select a role to see more information about its privileges. For example, select
kibana_system role to see its list of cluster and index privileges. To
learn more, see Indices privileges.
Let’s assign the
kibana_user role to your user. Go back to the
Management / Security / Users page and select your user. Add the
role and save the change. For example:
This user now has access to all features in Kibana. For more information about granting access to Kibana see Kibana Authorization.
If you completed all of the steps in Getting started with the Elastic Stack, you should have Metricbeat data stored in Elasticsearch. Let’s create two roles that grant different levels of access to that data.
Go to the Management / Security / Roles page and click Create role.
metricbeat_reader role that has
privileges on the
metricbeat_writer role that has
cluster privileges, as well as
Now go back to the Management / Security / Users page and assign these roles
to the appropriate users. Assign the
metricbeat_reader role to your personal
user. Assign the
metricbeat_writer role to the
The list of users should now contain all of the built-in users as well as the two you created. It should also show the appropriate roles for your users:
If you want to learn more about authorization and roles, see User authorization.