The Elastic Stack comes with the
kibana_admin built-in role, which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges.
When you assign a user multiple roles, the user receives a union of the roles’ privileges. Therefore, assigning the
kibana_admin role in addition to a custom role that grants Kibana privileges is ineffective because
kibana_admin has access to all the features in all spaces.
There are two approaches to supporting multi-tenancy in Kibana:
- Recommended: Create a space and a limited role for each tenant, and configure each user with the appropriate role. See Securing access to Kibana for more details.
[7.13.0] Deprecated in 7.13.0. In 8.0 and later, the
kibana.indexsetting will no longer be supported. Set up separate Kibana instances to work with a single Elasticsearch cluster by changing the
kibana.indexsetting in your
When using multiple Kibana instances this way, you cannot use the
kibana_adminrole to grant access. You must create custom roles that authorize the user for each specific instance.
Whichever approach you use, be careful when granting cluster privileges and index privileges. Both of these approaches share the same Elasticsearch cluster, and Kibana spaces do not prevent you from granting users of two different tenants access to the same index.