I am trying to setup elasticsearch/kibana in AWS and we've successfully created enough so we can access it using the 'elasticmaster' role. We can login and input data with this user.
However, we have users who will be creating reports, visualisations etc but we definitely do not want them creating data.
The permission set in kibana seems very odd and unintuitive. Can someone please let me know what permissions this "reporting" user would need. They'll want access to pretty much all the indexes, just read only but they will need permissions to create index patters, visualisations etc.
We're using ES 7.10.
Related
When permission is given to user via publish app, it doesn't apply read permissio to the dataset if the dataset resides in another workspace.
Example: Say dataset is in WorkspaceA. Report connecting to this dataset is in WorkspaceB. I create an app in workspaceB- in app permission tab I add user who can access the app.
This doesn't automatically give read permission to the dataset since it resides in a different workspace. I have to manually give read access to users via the 'manage permissions' on the dataset.
Also, the checkmarks like the Allow all users to connect to apps underlying dataset using build permission, allow users to make copy of reports, allow users to share app and apps underlying dataset using share permissions seem to have no effect. What is the reason for this?
I have a public provisioned Elasticsearch endpoint created on AWS. This gets me a public Kibana login endpoint. I got a default master username with it and a password. I can login, I created an index pattern, and I can see my data.
So far so good.
Now I wanted to give some users access. I created a couple of new users. Then in the user management section, gave them roles all_access, in the hope they should be able to see everything.
They can login, but instead of using my already created index pattern, they are prompted to create a new one.
Is that how it works? Do they need to create their own index pattern? Can't they just re-use my already created index pattern and directly go to discover and query the data?
Obviously, I am a newbie with Kibana and ES.
The issue here is that Kibana tracks index patterns within tenants. When users log in, they default into their private tenant. In order to have shared index patterns they need to exist in the Global tenant or else in a custom tenant. Additionally, the user will need to switch into the shared/public tenant where the objects exist.
I am using allauth for registering users and I would like to give permissions to users automatically after they created a local account or using social login.
A good example would be only 1 user to be able to create posts and comments whilst the rest of the users to be able to only create comments.
Looking around I have seen that you can create Groups and through those you can give certain permissions, is this the right way to handle this? Or are there some better avenues worth exploring?
Many thanks.
I want to use the teiid data roles functionality. This works as I can enable write access etc. for an admin user only for example. Accessing the data by the oData API nicely shows an login dialog and all works. Now I want other users (anonymous users, users "not logged in") to be able to read certain tables. So I also created a data role "visitor" with read access to all tables, but this doesn't seem to work as I get the error message:
TEIID30492 User <anonymous> is not entitled to action <CREATE> for 1 or more of the groups/elements/procedures.'
Also enabling "apply this role to all users" and defining an anonymous user doesn't seem to work.
So it looks like I have to assign permissions to some kind of "anonymous user" to get this working. Any ideas? Thanks.
Creating two different vdb's with different permissions could also be a solution, but can be more maintenance etc.
I have to sync account information across 3 different platforms. I wrote a password script that will update a users account information in LDAP, our Student Information System, and in gmail (for edu). I had no issues with older migration api, but that is going away in the coming months.
I wrote a new library to use oauth2 and the adminSDK to manage my user accounts. Im using a service account and specifying a superadmin account to preform account creations and password updates. This works perfectly fine with normal accounts. However, it seems that I cannot reset my own password (Im an admin).
So far the things that my library can do are: search, create, update, and delete NON-ADMIN accounts. Things that do not work: promote an account to admin, undelete an account, change admin account information (password for example).
Changing admin account info results in: "Not Authorized to access this resource/api" error.
Is there any way to get around this issue? If not, this severely cripples my ability to use the new API to manage my users. well, the admin users anyway. I need it to work for all users, even the hand full of administrators. I simply don'y see the point of a service account impersonating an admin, and then does not have all the proper rights to change account info on all accounts, especially when the previous API allowed it.
please advise.
I can also provide my library for anyone interested in using it.
-Jerry
I figured out my issue.
When I started this project, I created a google account for this project and assigned it superadmin role.
I was revisiting my project today and I was getting the same errors when trying to update admin accounts. I signed into the project's admin gmail account.... and accepted the terms...
now my library works perfectly. yay.