Currently there is some security implemented with Kibana-backend and api-server:
Kibana-backend is a proxy, able to serve Kibana UI
Kibana-backend re-route the user to keycloak for authentication
Kibana is connected to the api-server to collect data, instead of elasticsearch
api-server is implementing basic authorization.
Currently the authorization is: DELETE forbidden on all indexes.
However this is a bit restrictive: you cannot delete an index pattern for example.
Index patterns are stored on .kibana.
Proposed solution:
Implement authorization based on index names. e.g. .kibana index can be modified only by administrators.
Normal users can access the index that corresponds to a domain they own.
Currently there is some security implemented with Kibana-backend and api-server:
Currently the authorization is: DELETE forbidden on all indexes. However this is a bit restrictive: you cannot delete an index pattern for example. Index patterns are stored on .kibana.
Proposed solution: Implement authorization based on index names. e.g. .kibana index can be modified only by administrators. Normal users can access the index that corresponds to a domain they own.