Granting access to Kibanaedit

The Elastic Stack comes with the kibana_admin built-in role, which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges.

When you assign a user multiple roles, the user receives a union of the roles’ privileges. Therefore, assigning the kibana_admin role in addition to a custom role that grants Kibana privileges is ineffective because kibana_admin has access to all the features in all spaces.

Supporting multiple tenantsedit

There are two approaches to supporting multi-tenancy in Kibana:

  1. Recommended: Create a space and a limited role for each tenant, and configure each user with the appropriate role. See Securing access to Kibana for more details.
  2. [7.13.0] Deprecated in 7.13.0. In 8.0 and later, the kibana.index setting will no longer be supported. Set up separate Kibana instances to work with a single Elasticsearch cluster by changing the kibana.index setting in your kibana.yml file.

    When using multiple Kibana instances this way, you cannot use the kibana_admin role to grant access. You must create custom roles that authorize the user for each specific instance.

Whichever approach you use, be careful when granting cluster privileges and index privileges. Both of these approaches share the same Elasticsearch cluster, and Kibana spaces do not prevent you from granting users of two different tenants access to the same index.