Kibana privilegesedit

Kibana privileges grant users access to features within Kibana. Roles have privileges to determine whether users have write or read access.

Base privilegesedit

Assigning a base privilege grants access to all Kibana features, such as Discover, Dashboard, Visualize Library, and Canvas.

all
Grants full read-write access.
read
Grants read-only access.

Assigning base privilegesedit

From the role management screen:

Assign base privilege

From the role management API:

PUT /api/security/role/my_kibana_role
{
  "elasticsearch": {
    "cluster" : [ ],
    "indices" : [ ]
  },
  "kibana": [
    {
      "base": ["all"],
      "feature": {},
      "spaces": ["marketing"]
    }
  ]
}

Feature privilegesedit

Assigning a feature privilege grants access to a specific feature.

all
Grants full read-write access.
read
Grants read-only access.

Sub-feature privilegesedit

Some features allow for finer access control than the all and read privileges. This additional level of control is a subscription feature.

Assigning feature privilegesedit

From the role management screen:

Assign feature privilege

From the role management API:

PUT /api/security/role/my_kibana_role
{
  "elasticsearch": {
    "cluster" : [ ],
    "indices" : [ ]
  },
  "kibana": [
    {
      "base": [],
      "feature": {
        "visualize": ["all"],
        "dashboard": ["read", "url_create"]
      },
      "spaces": ["marketing"]
    }
  ]
}