This repository was archived by the owner on Aug 16, 2022. It is now read-only.
docs/security-access-control/users-roles.md
58 additions & 0 deletions
@@ -117,3 +117,61 @@ Role | Description
117
117
`security_rest_api_access` | A special role that allows access to the REST API. See `opendistro_security.restapi.roles_enabled` in `elasticsearch.yml` and [Access control for the API](../api/#access-control-for-the-api).
118
118
119
119
For more detailed summaries of the permissions for each role, reference their action groups against the descriptions in [Default action groups](../default-action-groups/).
120
+
121
+
## Sample roles
122
+
123
+
The following examples show how you might set up a read-only and a bulk access role.
124
+
125
+
### Set up a read-only role in Kibana
126
+
127
+
Create a new `read_only_index` role:
128
+
129
+
1. Open **Kibana**.
130
+
1. Choose **Security**, **Roles**.
131
+
1. Choose the *+* button, enter a role name `read_only_index`.
132
+
1. Choose the **Cluster Permissions** tab, select **Add Action Group**.
133
+
1. In **Permissions: Action Groups**, select `cluster_composite_ops_ro` and choose **Add Action Group**.
134
+
1. Choose the **Index Permissions** tab, select **Add index permissions** and add your index pattern `my-index-*`.
135
+
1. In **Permissions: Action Groups**, choose **Add Action Group** and select `read`.
136
+
1. Choose **Save Role Definition**.
137
+
138
+
Map `kibana_user` and `kibana_read_only` roles to the `read_only_index` role:
139
+
140
+
1. Choose **Security**, **Role Mappings**.
141
+
1. Next to `kibana_user`, choose the **Edit** button.
142
+
- If you don't already have a `kibana_user` role, choose the *+* button and create the role.
143
+
1. In the **Users** field, add your `read_only_index` role and choose **Submit**.
144
+
1. Next to `kibana_read_only`, choose the **Edit** button.
145
+
- If you don't already have a `kibana_read_only` role, choose the *+* button and create the role.
146
+
1. In the **Users** field, add your `read_only_index` role and choose **Submit**.
147
+
148
+
Create a new tenant and grant role access:
149
+
150
+
1. Choose **Security**, **Tenants**.
151
+
1. Choose the *+* button, enter your desired tenant name.
152
+
1. Choose **Submit**.
153
+
1. Choose **Security**, **Roles**.
154
+
1. Next to the `read_only_index` role, choose **Edit**.
155
+
1. Choose the **Tenants Permissions** tab, in **Permissions**, select `kibana_all_read`.
156
+
1. Add a tenant pattern to select all required tenants.
157
+
1. Choose **Save Role Definition**.
158
+
159
+
### Set up a bulk access role in Kibana
160
+
161
+
Create a new `bulk_access` role:
162
+
163
+
1. Open **Kibana**.
164
+
1. Choose **Security**, **Roles**.
165
+
1. Choose the *+* button, enter a role name `bulk_access`.
166
+
1. Choose the **Cluster Permissions** tab, select **Add Action Group**.
167
+
1. In **Permissions: Action Groups**, select `cluster_composite_ops` and choose **Add Action Group**.
168
+
1. Choose the **Index Permissions** tab, select **Add index permissions** and your index patterns `my-index-*`.
169
+
1. In **Permissions: Action Groups**, choose **Add Action Group** and select `write`.
170
+
1. Choose **Save Role Definition**.
171
+
172
+
Map bulk access permissions to the `bulk_access` role:
173
+
174
+
1. Choose **Security**, **Role Mappings**.
175
+
1. Choose the *+* button, select the `bulk_access` role.
176
+
1. In **Users**, choose **Add User** and add your `bulk_access` user.
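Review bot: In the read-only section, both mapping steps say "In the **Users** field, add your `read_only_index` role", which puts a role name into a field that takes user names. As written, a reader maps a user literally called `read_only_index` to `kibana_user` and `kibana_read_only`, and no step maps any user to the `read_only_index` role itself, unlike the bulk section, which ends with a mapping for `bulk_access`. Suggest changing those steps to add the read-only user, adding a role mapping for `read_only_index`, and rewording the lead-in "Map `kibana_user` and `kibana_read_only` roles to the `read_only_index` role" so it says users are being mapped to roles. Two smaller points: the bulk step "select **Add index permissions** and your index patterns `my-index-*`" is missing the verb "add" that the read-only step has, and "Add a tenant pattern to select all required tenants" would be safer if it told the reader to match only the tenant created earlier in that list, so the role does not pick up read access to tenants it does not need.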