github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-29 03:24:45 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/user/security/securing-kibana.asciidoc
florent-leborgne 8e7fb7a77e
[Docs] Update nav instructions and sample data installation to accommodate for the solution views (#199163) 
This PR:
- updates navigation instructions to accommodate for the navigation
changes related to solution views.
- updates instructions for adding sample data to rely on the
integrations page instead of the home page, that only exists with the
classic solution view
- updates references to the home page to avoid confusing users using one
of the new solution views

Closes: https://github.com/elastic/platform-docs-team/issues/529
Closes: https://github.com/elastic/platform-docs-team/issues/540
2024-11-08 11:10:32 +01:00

112 lines
4.6 KiB
Text
Raw Blame History

[role="xpack"]
[[using-kibana-with-security]]
== Configure security in {kib}
++++
<titleabbrev>Configure security</titleabbrev>
++++
When you start {es} for the first time, {stack-security-features} are enabled on
your cluster and TLS is configured automatically. The security configuration
process generates a password for the `elastic` user and an enrollment token for
{kib}.
{ref}/configuring-stack-security.html[Start the {stack} with security enabled]
and then enroll {kib} as part of the configuration process.
You can then log in to {kib} as the `elastic` user to create additional roles
and users.
NOTE: When a user is not authorized to view data in an index (such as an {es}
index), the entire index will be inaccessible and not display in {kib}.
[discrete]
[[security-configure-settings]]
=== Configure security settings
Set an encryption key so that sessions are not invalidated. You can optionally
configure additional security settings and authentication.
. Set the `xpack.security.encryptionKey` property in the `kibana.yml`
configuration file. You can use any text string that is 32 characters or longer
as the encryption key. Refer to <<xpack-security-encryptionKey,`xpack.security.encryptionKey`>>.
+
--
[source,yaml]
----
xpack.security.encryptionKey: "something_at_least_32_characters"
----
{kib}'s reporting and saved objects features also have encryption key settings.
Refer to <<xpack-reporting-encryptionKey,`xpack.reporting.encryptionKey`>> and
<<xpack-encryptedSavedObjects-encryptionKey,`xpack.encryptedSavedObjects.encryptionKey`>>
respectively.
--
. Optional: <<xpack-security-session-management,Configure {kib}'s session expiration settings>>.
. Optional: <<elasticsearch-mutual-tls,Configure {kib} to authenticate to {es} with a client certificate>>.
. Restart {kib}.
[discrete]
[[security-create-roles]]
=== Create roles and users
Configure roles for your {kib} users to control what data those users can
access.
. Temporarily log in to {kib} using the built-in `elastic` superuser so you can
create new users and assign roles. If you are running {kib} locally, go to
`https://localhost:5601` to view the login page.
+
NOTE: The password for the built-in `elastic` user is generated as part of the
security configuration process on {es}. If you need to reset the password for
the `elastic` user or other built-in users, run the
{ref}/reset-password.html[`elasticsearch-reset-password`] tool.
. [[kibana-roles]]Create roles and users to grant access to {kib}.
+
--
To manage privileges in {kib}, go to the *Roles* management page using the navigation menu or the
<<kibana-navigation-search,global search field>>. The built-in `kibana_admin` role will grant
access to {kib} with administrator privileges. Alternatively, you can create additional roles that grant limited access to {kib}.
If you're using the default native realm with Basic Authentication, go to the *Users* management page using the navigation menu or the
<<kibana-navigation-search,global search field>> to create
users and assign roles, or use the {es} {ref}/security-api.html#security-user-apis[user management APIs]. For example, the following creates
a user named `jacknich` and assigns it the `kibana_admin` role:
[source,js]
--------------------------------------------------------------------------------
POST /_security/user/jacknich
{
"password" : "t0pS3cr3t",
"roles" : [ "kibana_admin" ]
}
--------------------------------------------------------------------------------
// CONSOLE
TIP: For more information on Basic Authentication and additional methods of authenticating {kib} users, see <<kibana-authentication>>.
--
. Grant users access to the indices that they will be working with in {kib}.
+
--
TIP: You can define as many different roles for your {kib} users as you need.
For example, create roles that have `read` and `view_index_metadata` privileges
on specific data views. For more information, see
{ref}/authorization.html[User authorization].
--
. Log out of {kib} and verify that you can log in as a normal user. If you are running {kib} locally, go to `https://localhost:5601` and
enter the credentials for a user you've assigned a {kib} user role. For example, you could log in as the user `jacknich`.
+
NOTE: This must be a user who has been assigned <<kibana-privileges, Kibana privileges>>. {kib} server credentials (the built-in
`kibana_system` user) should only be used internally by the {kib} server.
include::authentication/index.asciidoc[]
include::securing-communications/elasticsearch-mutual-tls.asciidoc[]
include::audit-logging.asciidoc[]
include::access-agreement.asciidoc[]
include::session-management.asciidoc[]
include::secure-saved-objects.asciidoc[]
Reference in a new issue View git blame Copy permalink