Elastic security
In many cases, for security reasons, we need to Kibana different users assign different user rights, so that can not access each other's resources among themselves, with
that they should have different rights for different time index such as reading, writing and management. Elastic Security provide authorization access control (RBAC - role-based functionality
Role Based Access Control).
User can have a different role, a role and each contains a different operating authority. With RBAC, you can control access by defining:
- users: Create an account with different attributes (username, full name, e-mail, and the corresponding roles)
- roles: allocation of a set of named permission, Elasticsearch contains multiple built-in role
- resources: restrict access to the entity, such as a document or index
- privileges: represents one or more actions may be performed on a group of named resources
- permissions: apply to a privileged set of one or more privileged or more resources
What is Space (space)?
You can organize the dashboard and other objects will be saved to meaningful categories by Space. In case of default of this function is activated . Can enter in elasticsearch.yml file
line configuration:
xpack.spaces.enabled: false
The above configuration makes this function is canceled.
Objects created within a space accessible only from the space. After security is enabled, you can control which users have access to which space. Saved object from a particular space will
be marked as the target space.
In the case of default, Kibana help us create a namespace named Default at startup. When we upgrade from one version there is no space, then all
of the visualization will be stored in the space Default's. When we create a Space, it only needs a name, which is used to produce URL identifier , we can also add
some of the descriptors.
Ready to work
Installed elasticsearch and kibana
Open x-pack, and set the default user's password, etc.
Interface login kibana
Create a space
4.1 Click on the top left corner of Space space, the default is Defalut, click on "Manage Sapce". After entering the Space interface, click "Create a space" in the upper right corner. Enter a name and click "Create space".
As shown below:
4.2 同样操作创建另一个space,如下图所示:
4.3 最终显示界面信息:
Create a role Role
5.1 click "Management", then click the "Security" below "Roles", click on the "Create role" in the upper right corner, the steps as shown below:
5.2 创建另一个角色test2,操作步骤同上,效果如下:
- Create a user. Click on "Management", then click on the "Security" under the "Users", click on the upper right corner of the "Create user", created by step on the line, the role of the selection step to create the final effect is as follows:
- Click on the top right corner of the space, the space switch to Test1
然后点击“Dev Tools”工具,在这个Test1 space下创建一个索引test1:
```
PUT /test1/_doc/1
{
"name":"test1"
}
```
**注意:我这边是先创建的role管理的索引,后创建的索引,注意索引名称**
然后回到“Management”下的“Kibana”的“Index Patterns”,创建一个索引模式,输入的时候会提示有test1和test2,但是我们只选择test1,最终效果如下:
然后再点击右上角的space,切换到Test2这个space,按照上述步骤,创建一个索引test2:
```
PUT /test2/_doc/1
{
"name":"test2"
}
```
然后回到“Management”下的“Kibana”的“Index Patterns”,创建一个索引模式,输入的时候会提示有test1和test2,但是我们只选择test2,最终效果如下:
- Then click on the left navigation first "Discover", will find that this can only be seen under test1 Space
test1*, this can only be seen under test2 Spacetest2*, I do not see any of this index in default default space.
Summary: a deep understanding of this sentence: object created within a space accessible only from the space
If the existing index mode, you can delete the index mode, and then create a space, create roles, create users, etc., to switch to the space created, and then create the index mode. That is the job need to operate in this space.