5.2: Sharing with Users

Objective:

In this lab, you will create a user with limited access to view a shared Dashboard

  1. Elastic Security uses Role-Based Access Control (RBAC). Whenever you need to give out permissions to view an asset, start with the Role. Manage these settings by clicking on:

    • > Stack Management > Security > Roles

  2. On the Roles screen, click Create role.
    Important: never make changes to the Reserved roles. "Roles screen"

  3. Enter dashviewer for the Role name. The role will have no Cluster or Run As privileges. "dashviewer Role"

  4. Under Index privileges, select kibana_sample_data_logs under Indices, and select both read and view_index_metadata for the Privileges. This is the only index we will allow this role to access, and there is no ability for this role to make any changes to this index. "Index Privileges"

  5. Under Kibana, click Add Kibana privilege.

  6. Add the Nova space under Spaces. In a live environment, you might consider creating a new space with only the appropriate dashboard added to it, but for this lab, we will simply use the existing Nova space.

  7. Under the Customize feature privileges, expand Analytics.

  8. Set Dashboard to Read, but do not grant any other privileges. Click Add Kibana privilege. "Kibana Privileges"

  9. This completes our role, so click Create role.

  10. Now, let's add a user. Click Users on the left side panel menu (just above Roles).

  11. Click Create user.

    "Users Page"

    Important: similar to roles, never make changes to reserved users.

  12. Set the Username to public and the Password to public123.

  13. In the Privileges section, select a single role from the Roles dropdown: dashviewer "User roles"

  14. Click Create user.

  15. Log out of Kibana by clicking the "t" circle icon in the upper right corner, and selecting Log out. "User roles"

  16. Log back into Kibana with your new user credentials that you set above.

  17. You should see just the Analytics section on the home page. "User homepage"

  18. Clicking the main menu, you will see only the Analytics section, with a Dashboard link.

  19. Click Dashboard. You will see your Logs Overview dashboard, as well as any others in your Nova space. Open the Logs Overview dashboard.

  20. As you can see, you now have a very limited account. You could use this same account to for anonymous authentication. For now, however, log out, and then log back in with username training and password nonprodpwd.

Summary:

In this lab, you shared a Dashboard with a user with limited access.