Webiks / kibana-API

Kibana-API is an extension to Kibana that lets you tap into the dashboard management board from your app and change the visualizations dynamically.
Apache License 2.0
124 stars 31 forks

Security of using this and avoiding users modifying JavaScript to remove filters and see more data? #29

agonzalezm closed 6 years ago

agonzalezm commented 6 years ago

I want to have an embedded dashboard on my website that will change dynamically to show data only for the logged-in user, who is mapped to an Elasticsearch document field like user_id.

But using this plugin, it looks like anyone can open the browser tools and modify the JavaScript method to change the filter to * and view all data from all users.

Any method to avoid this?

ytzlax commented 6 years ago

Do you use X-Pack or Search Guard? (https://github.com/floragunncom/search-guard)

agonzalezm commented 6 years ago

No. Also, I don't see how that can help; I don't want to have a login user/password in X-Pack for each different user I want to show data to. I want to filter that in my application.

agonzalezm commented 6 years ago

With X-Pack/Search Guard I know I can define a user/password and associate some filter, but then my app will have to know all the users/passwords in X-Pack, right? And also, can I have one dashboard shared across all users, or do I need to define the dashboard again and again for every user/role in Kibana?

ytzlax commented 6 years ago

First, I recommend that you protect your Elasticsearch index; otherwise users can reach your Kibana embedded URL, navigate to Kibana admin (port 5601), go to the "Dev Tools" tab and delete your index there.

I have a question: is there a difference in the Kibana dashboard between two users, for example a different visualisation, or is the only difference the data?

agonzalezm commented 6 years ago

No difference in the dashboard; we want to use the same dashboard, just the data changes across users logged into my website.

ytzlax commented 6 years ago

So unfortunately, I think that kibana-API is not the plugin that you are looking for. kibana-API exposes Kibana (not Elasticsearch) functionality, like creating visualisations dynamically, creating index patterns dynamically, etc. As I understand it, your problem is how to expose specific data to a specific user; that is not in this plugin's scope.

I have two suggestions: 1) Create a different index for each user, then in the Kibana embedded URL change the index pattern for the specific user. In this solution you can use the kibana-API plugin to create the index pattern dynamically. 2) Like I said, try using Search Guard; I think it is exactly what you are looking for.

agonzalezm commented 6 years ago

OK, I understand. Thanks!
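
The concern raised in this thread, that a filter applied in browser JavaScript can be changed to `*`, is addressed by applying the restriction on the server. The following is an added example, not part of the original thread and not kibana-API code, of a backend wrapping every search so it is limited to the session user. Assumptions: the application's own backend forwards the search to Elasticsearch, `user_id` is a keyword field, and the names `enforceUserFilter`, `hasGlobalAgg` and `ALLOWED_KEYS` are hypothetical.

```javascript
// Added example, not kibana-API code. Assumption: the application's backend
// sends the search to Elasticsearch and takes the user id from its own session.
const USER_FIELD = "user_id"; // field name from the issue; assumed keyword-mapped
const ALLOWED_KEYS = new Set(["query", "size", "from", "sort", "_source", "aggs"]);

// A `global` aggregation ignores the search query, so it would also ignore
// the user filter added below. Walk the aggregation tree and detect it.
function hasGlobalAgg(aggs) {
  if (!aggs || typeof aggs !== "object") return false;
  return Object.values(aggs).some(
    (agg) =>
      agg !== null &&
      typeof agg === "object" &&
      ("global" in agg || hasGlobalAgg(agg.aggs) || hasGlobalAgg(agg.aggregations))
  );
}

// Returns the body to forward: the client's query ANDed with a term filter on
// the session user. Whatever the browser sent can narrow results, not widen them.
function enforceUserFilter(clientBody, sessionUserId) {
  if (typeof sessionUserId !== "string" || sessionUserId === "") {
    throw new Error("no authenticated user in session");
  }
  const body = clientBody ?? {};
  if (typeof body !== "object" || Array.isArray(body)) {
    throw new Error("search body must be a JSON object");
  }
  for (const key of Object.keys(body)) {
    // Unlisted keys (for example `suggest`) are refused rather than forwarded.
    if (!ALLOWED_KEYS.has(key)) throw new Error(`search key not allowed: ${key}`);
  }
  if (hasGlobalAgg(body.aggs)) throw new Error("global aggregation not allowed");
  return {
    ...body,
    query: {
      bool: {
        must: [body.query ?? { match_all: {} }],
        filter: [{ term: { [USER_FIELD]: sessionUserId } }],
      },
    },
  };
}

// Constructed sample: a browser request whose filter was edited to "*".
const tamperedRequest = { query: { query_string: { query: "*" } }, size: 10 };
console.log(JSON.stringify(enforceUserFilter(tamperedRequest, "u-42"), null, 2));
```

This only covers searches that pass through the application's backend; an Elasticsearch or Kibana endpoint that users can reach directly still needs the index protection recommended in the thread.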