SearchGuard RBAC For Managing User Access Control in Kibana

Updated 1 month and 30 days ago

Search Guard is a free and open source security plugin for Elasticsearch, whereas Kibana is an open source data visualization tool for Elasticsearch. Kibana has a browser-based web interface that enables you to create and share dynamic dashboards.

This article covers controlling user access to Kibana modules based on the user's role in Search Guard. You can refer to the files provided in this Link and copy those files into the Search Guard plugin.

Step 1: Install and Start Search Guard

Please refer to the link below for Search Guard installation, and then start the Kibana instance.

github.com/floragunncom/search-guard-kibana-plugin

Step 2: Defining Modules Based on the User

To manage access controls, we first need the user details and the list of modules that the user can access. For that, create an unauthorized modules list in the Search Guard plugin by creating a config file at the backend level. Define the modules list as below:

Eg:
// Modules that non-admin users are not allowed to open.
const restrictedUrls = [
    'visualize',
    'visualization',
    'discover',
    'dev_tools',
    'management'
];

Step 3: Accessing modules Based on the User

After authentication (post-auth), verify whether the user is authorized to access the module, and redirect the user to the login page if they are unauthorized. To do that, get the logged-in user details and the unauthorized modules list, check the request against the list, and if the user is not authorized to access the module, redirect them to the login page.

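server.ext('onPostAuth', async function (request, next) {
    try {
        if (request.auth && request.auth.isAuthenticated) {
            // Look up the logged-in user's details from the Search Guard backend.
            const authinfo = await server.plugins.searchguard.getSearchGuardBackend().authinfo(request.headers);
            const requestPath = request.url.path;
            const roles = authinfo && authinfo.backend_roles ? authinfo.backend_roles : [];
            // Users with the 'admin' backend role are not restricted.
            if (!roles.includes('admin')) {
                // Static resources (stylesheet, bundles, assets) are exempt from the check.
                const isStatic = requestPath.includes('index.css') || requestPath.includes('bundles') || requestPath.includes('assets');
                // restrictedUrls is the list from Step 2; matching is by substring of request.url.path.
                const isRestricted = restrictedUrls.some((element) => requestPath.includes(element));
                if (isRestricted && !isStatic) {
                    // Clearing the session logs the user out, so they are sent back to the login page.
                    request.auth.session.clear();
                }
            }
        }
    } catch (err) {
        // Errors are only logged here; the request then continues.
        console.log('err', err);
    }
    return next.continue();
});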
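
The Step 3 decision, factored into a pure function that can be unit-tested outside Kibana. This is an added example, not code from the article or the Search Guard plugin; `isRestricted`, `pathSegments`, `staticPrefixes` and the sample paths are assumptions. It goes beyond the handler above by matching whole path segments instead of substrings, so a module name or an exempt word in the query string does not change the result.

```javascript
// Added example; function and constant names are hypothetical, not Search Guard APIs.
const restrictedUrls = ['visualize', 'visualization', 'discover', 'dev_tools', 'management'];
const staticPrefixes = ['bundles', 'assets']; // static resources, exempt as in Step 3
const ADMIN_ROLE = 'admin';

// Split a request path into lower-cased, URL-decoded segments.
// The query string and fragment are dropped so they cannot affect the decision.
function pathSegments(requestPath) {
  const pathOnly = String(requestPath).split(/[?#]/)[0];
  return pathOnly.split('/').filter(Boolean).map((segment) => {
    try {
      return decodeURIComponent(segment).toLowerCase();
    } catch (err) {
      return segment.toLowerCase(); // malformed escape: compare the raw text
    }
  });
}

// Returns true when a non-admin user requests a restricted module.
function isRestricted(requestPath, backendRoles, modules = restrictedUrls) {
  // A missing or malformed role list is treated as "no roles" (fail closed).
  const roles = Array.isArray(backendRoles) ? backendRoles : [];
  if (roles.includes(ADMIN_ROLE)) return false;
  const segments = pathSegments(requestPath);
  if (segments.length === 0) return false;
  // Exempt static resources by position in the path, not by substring.
  if (staticPrefixes.includes(segments[0])) return false;
  if (segments[segments.length - 1] === 'index.css') return false;
  return segments.some((segment) => modules.includes(segment));
}

// Constructed sample requests (illustrative paths, not taken from a real Kibana instance).
const samples = [
  ['/app/discover', ['executive']],
  ['/app/discover', ['admin']],
  ['/app/dashboard?from=discover', ['executive']],
  ['/app/discover?theme=assets', ['executive']],
  ['/bundles/discover.bundle.js', ['executive']],
];
for (const [path, roles] of samples) {
  console.log(path, roles, isRestricted(path, roles) ? 'deny' : 'allow');
}
```

In the `onPostAuth` handler, the result of `isRestricted(request.url.path, roles)` would replace the nested `includes` checks.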
