github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 17:59:23 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Docs] Update security and spaces docs/screenshots (#105652)

Browse source
This commit is contained in:
Joe Portner 2021-07-15 16:04:33 -04:00 committed by GitHub
parent 78d6fc553d
commit 15b4981b1d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
46 changed files with 88 additions and 82 deletions
Download patch file Download diff file Expand all files Collapse all files

26
docs/user/security/authorization/index.asciidoc
View file

@ -63,11 +63,13 @@ With field-level security (FLS), you can instruct {es} to grant or deny access t
.. `read` and `view_index_metadata` in the **Privileges** field.
[role="screenshot"]
image::user/security/images/create-role-index-example.png[Create role with index privileges]
image::security/images/create-role-index-example.png[Create role with index privileges]
[[index_privilege_dls_example]]
===== Example: Grant read access to specific documents in indices that match the `filebeat-*` pattern
{ref}/document-level-security.html[Document-level security] is a https://www.elastic.co/subscriptions[subscription feature].
. Go to **Stack Management > Roles**, and then click **Create role**.
. In **Index privileges**, enter:
.. `filebeat-*` in the **Indices** field.
@ -87,7 +89,7 @@ image::user/security/images/create-role-index-example.png[Create role with index
NOTE: {kib} automatically surrounds your DLS query with a `query` block, so you don't have to provide your own.
[role="screenshot"]
image::user/security/images/create-role-dls-example.png[Create role with DLS index privileges]
image::security/images/create-role-dls-example.png[Create role with DLS index privileges]
[[adding_kibana_privileges]]
==== {kib} privileges
@ -95,9 +97,9 @@ image::user/security/images/create-role-dls-example.png[Create role with DLS ind
To assign {kib} privileges to the role, click **Add {kib} privilege** in the {kib} section.
[role="screenshot"]
image::user/security/images/add-space-privileges.png[Add {kib} privileges]
image::spaces/images/spaces-roles.png[Add {kib} privileges]
Open the **Spaces** selection control to specify whether to grant the role access to all spaces *** Global (all spaces)** or one or more individual spaces. If you select *** Global (all spaces)**, you cant select individual spaces until you clear your selection.
Open the **Spaces** selection control to specify whether to grant the role access to all spaces **All Spaces** or one or more individual spaces. If you select **All Spaces**, you cant select individual spaces until you clear your selection.
Use the **Privilege** menu to grant access to features. The default is **Custom**, which you can use to grant access to individual features. Otherwise, you can grant read and write access to all current and future features by selecting **All**, or grant read access to all current and future features by selecting **Read**.
@ -111,7 +113,7 @@ To apply your changes, click **Add {kib} privilege**. The privilege shows up und
[role="screenshot"]
image::user/security/images/create-space-privilege.png[Add {kib} privilege]
image::security/images/create-space-privilege.png[Add {kib} privilege]
==== Feature availability
@ -139,9 +141,9 @@ Features are available to users when their roles grant access to the features, *
==== Assigning different privileges to different spaces
Using the same role, its possible to assign different privileges to different spaces. After youve added privileges, click **Add {kib} privilege**. If youve already added privileges for either *** Global (all spaces)** or an individual space, you will not be able to select these in the **Spaces** selection control.
Using the same role, its possible to assign different privileges to different spaces. After youve added privileges, click **Add {kib} privilege**. If youve already added privileges for either **All Spaces** or an individual space, you will not be able to select these in the **Spaces** selection control.
Additionally, if youve already assigned privileges at *** Global (all spaces)**, you are only able to assign additional privileges to individual spaces. Similar to the behavior of multiple roles granting the union of all privileges, {kib} privileges are also a union. If youve already granted the user the **All** privilege at *** Global (all spaces)**, youre not able to restrict the role to only the **Read** privilege at an individual space.
Additionally, if youve already assigned privileges at **All Spaces**, you are only able to assign additional privileges to individual spaces. Similar to the behavior of multiple roles granting the union of all privileges, {kib} privileges are also a union. If youve already granted the user the **All** privilege at **All Spaces**, youre not able to restrict the role to only the **Read** privilege at an individual space.
==== Privilege summary
@ -149,7 +151,7 @@ Additionally, if youve already assigned privileges at *** Global (all spaces)
To view a summary of the privileges granted, click **View privilege summary**.
[role="screenshot"]
image::user/security/images/view-privilege-summary.png[View privilege summary]
image::security/images/view-privilege-summary.png[View privilege summary]
==== Example 1: Grant all access to Dashboard at an individual space
@ -160,7 +162,7 @@ image::user/security/images/view-privilege-summary.png[View privilege summary]
. Click **Add {kib} privilege**.
[role="screenshot"]
image::user/security/images/privilege-example-1.png[Privilege example 1]
image::security/images/privilege-example-1.png[Privilege example 1]
==== Example 2: Grant all access to one space and read access to another
@ -173,12 +175,12 @@ image::user/security/images/privilege-example-1.png[Privilege example 1]
. Click **Add {kib} privilege**.
[role="screenshot"]
image::user/security/images/privilege-example-2.png[Privilege example 2]
image::security/images/privilege-example-2.png[Privilege example 2]
==== Example 3: Grant read access to all spaces and write access to an individual space
. Click **Add {kib} privilege**.
. For **Spaces**, select *** Global (all spaces)**.
. For **Spaces**, select **All Spaces**.
. For **Privilege**, select **Read**.
. Click **Add {kib} privilege**.
. For **Spaces**, select the individual space.
@ -186,4 +188,4 @@ image::user/security/images/privilege-example-2.png[Privilege example 2]
. Click **Add {kib} privilege**.
[role="screenshot"]
image::user/security/images/privilege-example-3.png[Privilege example 3]
image::security/images/privilege-example-3.png[Privilege example 3]

6
docs/user/security/authorization/kibana-privileges.asciidoc
View file

@ -14,7 +14,7 @@ Assigning a base privilege grants access to all {kib} features, such as *Discove
From the role management screen:
[role="screenshot"]
image::user/security/images/assign_base_privilege.png[Assign base privilege]
image::security/images/assign-base-privilege.png[Assign base privilege]
From the <<role-management-api-put, role management API>>:
[source,js]
@ -45,13 +45,13 @@ Assigning a feature privilege grants access to a specific feature.
===== Sub-feature privileges
Some features allow for finer access control than the `all` and `read` privileges.
This additional level of control is available in the Gold subscription level and higher.
This additional level of control is a https://www.elastic.co/subscriptions[subscription feature].
===== Assigning feature privileges
From the role management screen:
[role="screenshot"]
image::user/security/images/assign_feature_privilege.png[Assign feature privilege]
image::security/images/assign-subfeature-privilege.png[Assign feature privilege]
From the <<role-management-api-put, role management API>>:
[source,js]