github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 17:59:23 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Docs] - Deprecate kibana_user role (#54606)

Browse source 
* rename kibana_user => kibana_admin

* add migration note

* [DOCS] Fixes link for use in multiple books

* i18n fixes after merge from master

* fix i18n

* Apply suggestions from code review

Co-Authored-By: gchaps <33642766+gchaps@users.noreply.github.com>

* Apply suggestions from code review

Co-Authored-By: Brandon Kobel <brandon.kobel@gmail.com>

Co-authored-by: Lisa Cawley <lcawley@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
Co-authored-by: Brandon Kobel <brandon.kobel@gmail.com>
This commit is contained in:
Larry Gregory 2020-01-31 14:26:12 -05:00 committed by GitHub
parent e24863ed86
commit 74ee0d0ba4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
27 changed files with 94 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

6
docs/user/security/authorization/index.asciidoc
View file

@ -2,11 +2,11 @@
[[xpack-security-authorization]]
=== Granting access to {kib}
The Elastic Stack comes with the `kibana_user` {ref}/built-in-roles.html[built-in role], which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges.
The Elastic Stack comes with the `kibana_admin` {ref}/built-in-roles.html[built-in role], which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges.
When you assign a user multiple roles, the user receives a union of the roles privileges. Therefore, assigning the `kibana_user` role in addition to a custom role that grants Kibana privileges is ineffective because `kibana_user` has access to all the features in all spaces.
When you assign a user multiple roles, the user receives a union of the roles privileges. Therefore, assigning the `kibana_admin` role in addition to a custom role that grants Kibana privileges is ineffective because `kibana_admin` has access to all the features in all spaces.
NOTE: When running multiple tenants of Kibana by changing the `kibana.index` in your `kibana.yml`, you cannot use `kibana_user` to grant access. You must create custom roles that authorize the user for that specific tenant. Although multi-tenant installations are supported, the recommended approach to securing access to Kibana segments is to grant users access to specific spaces.
NOTE: When running multiple tenants of Kibana by changing the `kibana.index` in your `kibana.yml`, you cannot use `kibana_admin` to grant access. You must create custom roles that authorize the user for that specific tenant. Although multi-tenant installations are supported, the recommended approach to securing access to Kibana segments is to grant users access to specific spaces.
[role="xpack"]
=== {kib} role management