Our Work

SearchGuard RBAC For User Controls On Menus & Dashboards in Kibana

Updated today

Search Guard  is a free and Open Source Security plugin for Elasticsearch whereas Kibana is a open source data visualization plugin for Elasticsearch.Kibana have browser based web interface enables you to create and share dynamic dashboards.

This article is all about hiding menus and dashboards controls based on the user role in kibana.You can refer the files provided in this Link and copy those files in Search Guard Plugin and add custom config in the kibana.yml file which is in kibana config folder.

Step 1: Install and Start Search Guard

Please refer below link for searchguard installation and then start the kibana instance.

github.com/floragunncom/search-guard-kibana-plugin

Step 2: Hiding menus based on the user 

You  may want to give access to the menus for some particular users only.In that case add a root class for the main body in the search guard plugin and write css to toggle hiding based on the user role.Follow below example in ‘enable_readonly.js’.

Example:

        
var body = document.querySelector('body');
if(authInfo.backend_roles.includes('admin') === false){
      body.classList.add('hideSideNavbar')
}

Step 3: Defining Dashboards List Based on Role

If you want to display the dashboards based on the role follow 3 and 4  steps.

For Controlling dashboards, add custom config in the kibana.yml file using search-guard plugin.Because we cannot add custom configurations directly in kibana.Define configurations  by specifying role and the list of dashboards that role can access like below.You can add and remove the dashboards list for a role based on our requirement.

Example:

searchguard.dashBoardAccess: [
{
role: 'demouserrole',dashboards: [ 'Public Dashboard' ]
}
]

After that in search guard plugin you need to define dashBoardAccess parameter in the config of enable_readonly.js then make the dashboardAccess parameter as global because you need to access those list and need to display the dashboards based on the list.Please check readOnlyResolver() function in the ‘enable_readonly.js file to know how to make it global.

Step 4: Hiding Dashboards Based on User Controls

Now, you can access the dashboards controls list from the kibana config file using Step 3.

In order to hide the dashboards in kibana, got to the file dashboard_listing and access the list of dashboards based on the user role in the getPageOfItems() function.

Example:

 let dash = [];
  const roleBasedDashboards = [];
    if (loggeduserRoles.includes('admin') === false) {
        if (kibanaDashBoardAccessConfig) {
            kibanaDashBoardAccessConfig.map((value) => {
                loggeduserRoles.forEach((role) => {
                    if (value.role === role) {
                    dash.push(...value.dashboards);
                    }
                });
            });
            //for removing duplicates
            dash = dash.filter((ele, index, self) => { return index === self.indexOf(ele); });
            this.state.dashboards.map((val) => {
            const title = val.title ? val.title : '';
                dash.forEach((dash) => {
                    if (title && title === dash) {
                    roleBasedDashboards.push(val);
                    }
                });
            });
        }
    }



Looking for Meanstack Developer?

Please Contact us if you have any Mean Stack Implementation requirements. Hire dedicated Mean Stack developers or Mean Stack Development services from KTree. KTree is Best offshore Web & Mobile development company with extensive experience in React Development

Request For Quote

Tags

    No tag results found for this post