0

How to prevent users who have access to kibana dev tools, from making any inadvertent changes , updates or deletes in a particular index.Basically what I am looking for is, some kind of authorisation for a particular index, so that only authorised users can be given R/W access and any other users should have only R permission.

soumitra goswami
  • 818
  • 6
  • 29

2 Answers2

0

You can define privileges like read, write, delete etc. in user roles. Privileges can be categorized into cluster- and index-privileges as documented on this page:

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html

The index-privileges are what you're looking for.

After creating the roles (e.g. one for read-write and one for read-only), you simply need to add the particular users to these roles. Elasticsearch will then check the user's privileges on every action they try to execute and prevent them if needed. This is done via the has_privileges API Elasticsearch internally uses.

Here's a guide on how to define roles:

https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html

Here are some further resources related to that topic:

I hope I could help you.

apt-get_install_skill
  • 2,818
  • 10
  • 27
0

Alternatively, using IP-based Access Policy, you can allow or deny Actions (es:ESHttpDelete, es:ESHttpGet, es:ESHttpHead, es:ESHttpPost, es:ESHttpPut, es:ESHttpPatch). Especially if you don't want to permanently turn on Fine-tuned Access Policies that utilize roles, for whatever reason. Although I do like the fine-tuned capability to limit access to fields.

An IP-based access policy example, altered from ES Identity and Access Management

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "es:ESHttpDelete"
      ],
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "192.0.2.0/24"
          ]
        }
      },
      "Resource": "arn:aws:es:us-west-1:987654321098:domain/test-domain/*"
    }
  ]
}
Jennifer Crosby
  • 185
  • 1
  • 1
  • 14