Reporting operates by creating and updating documents in Elasticsearch in response to user interation in Kibana.
To use Reporting with Shield enabled, you need to set up Kibana to work with Shield. You also need to create a role that grants access to the Reporting indices and assign this role to all users you want to allow to generate reports.
Setting Up A Reporting Role
Similar to how you added a my_kibana_user user role to roles.yml to allow
users to use Kibana, you will need to create a role for those users to user Reporting as well.
Users will need both permissions to use the Reporting interface in Kibana
Create a
reporting_userrole that assigns read and write privileges to the reporting indices:reporting_user: indices: - names: '.reporting-*' privileges: - read - writeIf you prefer, you can add the reporting index permissions to an existing role.
Assign the
reporting_userand your Kibana user role to all users you want to allow to use Reporting.If you’re using the default
filerealm, you can assign roles when you add a user, or modify the role assignments with therolescommand. For example, the following command creates a user namedbillmurrand assigns themy_kibana_userandreporting_userroles:esusers useradd billmurr -r my_kibana_user,reporting_user -p password
If you are using an LDAP or Active Directory realm, you can either assign roles on a per user basis, or assign roles to groups of users. By default, role mappings are configured in
config/shield/role_mapping.yml. For example, the following snippet assigns the user named Bill Murray to themy_kibana_userandreporting_userroles:my_kibana_user: - "cn=Bill Murray,dc=example,dc=com" reporting_user: - "cn=Bill Murray,dc=example,dc=com"