Kibana Roles Introduction

Kibana Security Roles give you granular control of access to your Stacks. Roles allow you to specify cluster permissions, index permissions, document and field level security. By mapping users to roles they gain access based on those permissions.

Tip: Kibana security roles requires a Logit Stack running Opendistro 1.13 onwards

By default all Logit Teams come with the roles shown below for common scenarios, to modify a team roles choose Account Settings > Team Settings from your dashboard. You can add a new team or edit an existing team to modify the roles.

When you add or update a team the roles are automatically synchronised to Kibana security for you, removing the need for manually mapping users to roles in Kibana. You can read more details below about what permissions each role grants to users.

Kibana Stack Administrator

Kibana Role name: stack_admin

This role is assigned by default to all Logit Account Owners and allows them to manage all aspects of Kibana Security including users, roles, mappings and index level security in Kibana.

Kibana User

Kibana Role name: stack_user

Users assigned this role have access to all aspects of the Kibana UI. Users with this role can make changes to visualisations, dashboards, and other Kibana objects.

Kibana User Read Only

Kibana Role name: stack_user_ro

Users assigned this role have Read Only access to all aspects of the Kibana UI. Users with this role cannot make any changes to visualisations, dashboards, and other Kibana objects.

It's worth noting that in order to add someone to the stack_user_ro role you would need to remove them from the stack_user role.

Learn how to give a user Read Only Kibana access

Kibana User Dashboard Only

Kibana Role name: stack_dashboard_only

Users assigned to this role can view all Dashboards as Read Only. Users with this role cannot make any changes to visualisations, dashboards, and other Kibana objects.

Learn how to give a user Dashboard Only Kibana access

Kibana Custom Role

Users assigned to this role can view the Kibana instance but permissions are managed entirely using the Security Roles in Kibana. Use this role if you want to manually manage the permissions for the users e.g. granting them specific index level permissions. Once a team or user has this role you can manage what they see in Kibana by choosing Kibana > Security > Roles, this is explained in further detail below.

Learn how to use the Kibana Custom Role to manage granular access to your Stack

What's next?

Did this answer your question?