github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 17:59:23 -04:00
Code Issues Projects Releases Packages Wiki Activity

Updates Management doc to reflect new navigation (#67506)

Browse source 
* [DOCS] Updates Management page to reflect new navigation

* [DOCS] Adds link to security doc

* [DOCS] Incorporates review comments
This commit is contained in:
gchaps 2020-05-28 08:55:49 -07:00 committed by GitHub
parent 57345e092e
commit 0302a45664
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 118 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

8
docs/user/security/authorization/index.asciidoc
View file

@ -2,16 +2,17 @@
[[xpack-security-authorization]]
=== Granting access to {kib}
The Elastic Stack comes with the `kibana_admin` {ref}/built-in-roles.html[built-in role], which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges.
The Elastic Stack comes with the `kibana_admin` {ref}/built-in-roles.html[built-in role], which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges.
When you assign a user multiple roles, the user receives a union of the roles privileges. Therefore, assigning the `kibana_admin` role in addition to a custom role that grants Kibana privileges is ineffective because `kibana_admin` has access to all the features in all spaces.
NOTE: When running multiple tenants of Kibana by changing the `kibana.index` in your `kibana.yml`, you cannot use `kibana_admin` to grant access. You must create custom roles that authorize the user for that specific tenant. Although multi-tenant installations are supported, the recommended approach to securing access to Kibana segments is to grant users access to specific spaces.
[role="xpack"]
[[xpack-kibana-role-management]]
=== {kib} role management
To create a role that grants {kib} privileges, go to **Management -> Security -> Roles** and click **Create role**.
To create a role that grants {kib} privileges, go to **Management -> Security -> Roles** and click **Create role**.
[[adding_kibana_privileges]]
==== Adding {kib} privileges
@ -63,7 +64,7 @@ Features are available to users when their roles grant access to the features, *
Using the same role, its possible to assign different privileges to different spaces. After youve added space privileges, click **Add space privilege**. If youve already added privileges for either *** Global (all spaces)** or an individual space, you will not be able to select these in the **Spaces** selection control.
Additionally, if youve already assigned privileges at *** Global (all spaces)**, you are only able to assign additional privileges to individual spaces. Similar to the behavior of multiple roles granting the union of all privileges, space privileges are also a union. If youve already granted the user the **All** privilege at *** Global (all spaces)**, youre not able to restrict the role to only the **Read** privilege at an individual space.
Additionally, if youve already assigned privileges at *** Global (all spaces)**, you are only able to assign additional privileges to individual spaces. Similar to the behavior of multiple roles granting the union of all privileges, space privileges are also a union. If youve already granted the user the **All** privilege at *** Global (all spaces)**, youre not able to restrict the role to only the **Read** privilege at an individual space.
==== Privilege summary
@ -111,4 +112,3 @@ image::user/security/images/privilege-example-2.png[Privilege example 2]
[role="screenshot"]
image::user/security/images/privilege-example-3.png[Privilege example 3]