Elasticsearch Role Permissions

Saarbruecken

Saarbruecken

Active member
I can't see the wood for the trees -- so please forgive me this (probably stupid) question:
Which role permissions must be used in Kibana so an user account and its assigned role does only have the permissions assigned to its dedicated index?

I can't find the information through Google, which probably means that I bark up the wrong tree. I have been searching the web for... now four hours.

What I have been doing so far:
  • Installed Elasticsearch and Kibana according to Elasticsearch knowledge base articles.
  • Certificates are in place and things are already working properly when using the elastic admin account.
  • HTTPS/TLS is working properly as well + I have valid certificates in place.
  • I created an index, an user and a role and I assigned the user to that role. But which index permissions do I have to assign?
I just want to make sure, the user can only write to the assigned index and want to avoid entering the admin password for Elasticsearch in Xenforo. Thanks guys!
 
I was recently asked, how I managed to resolve this.

The idea: create an account, with only write access to the assigned Index but without any access to Kibana or to any other Index / Elastic Search resource.


Step 1:
Create a new role, enter a name e. g. identical to the created user and scroll down to Index Privileges. Here, you enter the name of the created Index.

1767186820614.webp

Step 2:
Apply the required permissions, so the Index can be re-created, deleted, rebuild any time through the XenForo Admin Panel.

1767186925993.webp
Click Create Rule and you are done!

Step 3:
Now create a new user -- I use the identical name for Index, User and Role to keep it simple. Assign the following privileges: enrich_user and the newly created role from Step 1 and Step 2.


1767187207509.webp

Click Create User and you are done!

Step 4:
Configure Enhanced Search in the XenForo Admin Panel:

1767187394972.webp

1767187459491.webp

Run Optimization if suggested and rebuild the search index.

1767187522609.webp

You now have an unprivileged account for Enhanced Search with only access to its dedicated Index but no further access to Kibana or Elastic Search itself. When attempting to log onto Kibana you should see this:

1767187734945.webp

I hope this helps. :)

Happy holidays!
 
You must log in or register to reply here.

Similar threads

htsumer
  • Question Question
XF 2.3 Enhanced Search requires at least Elasticsearch 7.2.
Replies
1
Views
73
Lee
L
M
  • Question Question
ES 2.3 Elasticsearch Error
Replies
1
Views
56
ekool
ekool
C
Is anyone using Plesk + Elasticsearch?
Replies
3
Views
71
CL4Y
C
MapleOne
  • Question Question
XF 2.3 EnhancedSearch > ElasticSearch on Xenforo Cloud
Replies
1
Views
60
MapleOne
MapleOne
Alpha1
  • Suggestion Suggestion
Top Search Queries log & Widget (Show what users cannot find)
Replies
0
Views
26
Alpha1
Alpha1
Back
Top Bottom