What's the best Kibana multi tenancy free open source project?

6
votes

I'm trying to add a role based access control over Kibana to have different privileges and dashboards for different types of users and I found those projects:

  • Elastic Shield Plugin
  • Search Guard Kibana Multitenancy Module
  • Elasticsearch Read Only Rest Plugin
  • Kibana plugin Own Home

What I found is that:

  • Elastic Shield (now called X-Pack) is the best, but unfortunately it's only 30 days free trial.

  • search guard module is a little complicated and it does the job, but it's not for free for commercial use which isn't suitable for my case.

  • ReadonlyREST plugin allows you to define which user reads which data, and their Enterprise Kibana plugin (non-free) also allows you to assign kibana indices to groups or users.

  • Kibana Plugin Own Home is a workaround solution as it defines different kibana index for different user which isn't practical.

If you know any other projects or any workaround for the mentioned projects above that satisfies my requirements, I'd be so grateful.

3
elasticsearchkibanauser-roles

3 Answers

5
votes

Disclaimer: I work for floragunn, makers of Search Guard.

The only real way to separate dashboards and visualizations based on users/tenants is to place them in separate Kibana indices. This is what both Search Guard and Own Home does.

The reason for this is how Kibana works internally: Out of the box, Kibana will place all of these objects in one global Kibana index, shared by all users. Since Kibana itself has no notion of users, roles or tenants, the only way to do it is to intercept the calls to the Kibana index, and rewrite the index name based on the provided user/role information.

  • Search Guard does this directly on Elasticsearch level, so the tenant dashboards are separated even if you access Elasticsearch directly.
  • Own Home does that on Kibana level, but the effect/outcome is basically the same.
  • X-Pack does not have multi-tenancy for Kibana, so there's no separation of dashboards, only access control on Elasticsearch. Same is true for ReadOnly Rest.

One other option you have is to use the Red Hat OpenShift platform. They have an Elasticsearch plugin that is integrated with the Community Edition of Search Guard, and their own Kibana multi-tenancy module. As far as I know, this plugin is completely free.

1
votes

This use case is now completely supported by ReadonlyREST via the Enterprise Kibana plugin.

And it comes with a lot more multitenancy/multiuser related features:

  • Remove certain Kibana apps to certain users
  • RBAC for indices, tenancies
  • Read only users won't see "save", "delete", "add" buttons in the Kibana UI

I made a video months ago that shows how this looks like.

Disclaimer: I work at ReadonlyREST, happy to take questions! :-)

0
votes

Open Distro for Elasticsearch is a very good opensource project for multitenancy configuration in kibana. But the problem is proper documentation is not available easily for the older versions.

Set up Multi-Tenant Kibana Access in Open Distro for Elasticsearch Kibana multi-tenancy