kibana-own-home icon indicating copy to clipboard operation
kibana-own-home copied to clipboard

Published 20 hours ago verified publisher icon wtakase

permissions based on ldap group name

Open leadwire-apm opened this issue 6 years ago • 1 comments

Hi,

I'm using own_home with apache reverse proxy, open ldap and searchguard-es-plugin to secure use of Kibana. I have multiple users stored in open ldap (ou=People) and multiple application also astored in open ldap (ou=Groups). One user can have multiple groups.

In my use case, a user must only see those indices

  • .kibana_${user_name} = >his own dashboards
  • .kibana_app1 => the dashboards of the app1
  • .kibana_app2 => the dashboards of the app2
  • application-app1-index-dd-mm-yyyy => the application 1 data
  • application-app2-index-dd-mm-yyyy => the application 2 data

I can do that by editing manually sg_roles.yml, sg_roles_mapping.yml ... (trouble some task)

Is there a more dynamic way to handle it ? for example with a ${group_name} variable ?

regards, Wassim

leadwire-apm avatar May 07 '18 14:05 leadwire-apm

Hello. I think it is searchguard issue.

wtakase avatar May 08 '18 04:05 wtakase