Version: 6.x-23
Enterprise

Read only mode

Search Guard provides a read only mode for Kibana. When a user is assigned to this mode, only the Dashboards and, if configured, the Multitenancy navigation entries are accessible.

Thus, a user can view already configured dashboards and change tenants, but is not able to use any other functionalities of Kibana.

Defining read only roles

The Kibana read only mode is based on the Search Guard roles of a user:

If a user is assigned to one or more configured read only roles, the Kibana read only mode is activated automatically upon login.

Use the following entry in kibana.yml to configure the read only roles:

searchguard.readonly_mode.roles: ["sg_read_only_1", "sg_read_only_2", ...]

If a Search Guard user has either the role sg_read_only_1 or sg_read_only_2, the Kibana read only mode is activated.

Read only mode: effects

In read only mode:

  • Only the Dashboard application is accessible
  • Only the Dashboard and (if configured) the Multitenancy links are visible
  • The controls to create, edit and delete Dashboards are hidden
  • All tenants are switched to read only automatically