Kibana Roles Introduction

Kibana Security Roles gives you more granular control of access to your Stacks. Roles allow you to specify cluster permissions, index permissions, document and field-level security. By mapping users to roles, they gain access based on those permissions.

Tip: Kibana security roles requires a Logit Stack running Opendistro 1.13 onwards

By default all Logit Teams come with the roles shown below for common scenarios, to modify the roles for a team choose Account Settings > Team Settings from your dashboard. You can add a new team or edit an existing team to modify the roles.

When you add or update a team the roles are automatically synchronised to Kibana Security for you, removing the need for the manual mapping of users to roles in Kibana. You can read more details below about what permissions each predefined role grants to members of that team.

Stack Administrator

Kibana Role name: stack_admin

This role is assigned by default to all Logit Account Owners and allows them to manage all aspects of Kibana Security including users, roles, mappings and index level security in Kibana.

Stack Editor

Kibana Role name: stack_user

Users assigned to this role can manage all aspects of existing stacks.

Kibana User

Kibana Role name: stack_user

Users assigned to this role have access to all aspects of the Kibana UI. Users with this role can make changes to visualisations, dashboards, and other Kibana objects.

Kibana User Read Only

Kibana Role name: stack_user_ro

Users assigned this role have Read-Only access to all aspects of the Kibana UI. Users with this role cannot make any changes to visualisations, dashboards, and other Kibana objects.

Tip: In order to add someone to the stack_user_ro role you would need to remove them from the stack_user role.

Learn how to give a user Read Only Kibana access

Kibana User Dashboard Only

Kibana Role name: stack_dashboard_only

Users assigned to this role can view all Dashboards as Read Only. Users with this role cannot make any changes to visualisations, dashboards, and other Kibana objects.

Learn how to give a user Dashboard Only Kibana access

Grafana User Role

Grafana users can access data using Grafana and create/edit/delete searches, visualisations and dashboards.

Kibana Custom Role

Users assigned to this role can view the Kibana instance but permissions are based on any custom roles defined in the Security Roles section of Kibana. Use this role if you want to give the members access to specific custom roles that you have defined directly in Kibana e.g. granting them specific index level permissions.

Learn how to use the Kibana Custom Role to manage granular access to your Stack

What's next?

Did this answer your question?