The Elastic Stack security features enable you to easily secure a cluster. With security, you can password-protect your data as well as implement more advanced security measures such as encrypting communications, role-based access control, IP filtering, and auditing. For more information, see Secure a cluster and Configuring Security in Kibana.

There are security limitations that affect Kibana. For more information, refer to Security.


To create and manage users, open the menu, then go to Stack Management > Security > Users. You can also change their passwords and roles. For more information about authentication and built-in users, see Setting up user authentication.


To manage roles, open the menu, then go to Stack Management > Security > Roles, or use the Kibana role management APIs. For more information on configuring roles for Kibana, see Granting access to Kibana.

For a more holistic overview of configuring roles for the entire stack, see User authorization.

Managing roles that grant Kibana privileges using the Elasticsearch role management APIs is not supported. Doing so will likely cause Kibana’s authorization to behave unexpectedly.