Managing Role-Based Access Control in Elasticsearch and Kibana Based on Field Values

Last Updated : 23 Jul, 2025

Elasticsearch and Kibana are powerful tools for managing and analyzing large datasets. Ensuring secure and controlled access to these datasets is essential, especially when different users or roles require access to specific subsets of data based on field values. This is where Role-Based Access Control (RBAC) comes into play.

In this article, we will explore how to manage RBAC in Elasticsearch and Kibana based on field values, providing detailed examples and outputs to guide you through the process.

Understanding Role-Based Access Control (RBAC)

RBAC is a method of regulating access to a system or network based on the roles of individual users within an organization. The roles define what actions a user can perform and what data they can access. In the context of Elasticsearch and Kibana, RBAC can be used to restrict access to specific documents or fields within an index.

Prerequisites

Before we dive into managing RBAC based on field values, ensure you have the following:

Elasticsearch and Kibana are installed and running.
Basic knowledge of Elasticsearch indices, documents, and REST API.
X-Pack security is enabled in your Elasticsearch setup.

Enabling X-Pack Security

X-Pack security features must be enabled to use RBAC in Elasticsearch and Kibana. If you haven't already enabled it, you can do so by adding the following configuration to your elasticsearch.yml file:

xpack.security.enabled: true

After making this change, restart your Elasticsearch instance.

Setting Up Role-Based Access Control

To manage RBAC based on field values, we'll perform the following steps:

Define roles with document- and field-level security.
Create users and assign them to roles.
Use these roles and users to control access in Kibana.

Step 1: Define Roles with Document- and Field-Level Security

You can define roles in Elasticsearch using the Kibana UI or the REST API. Let's start by creating roles that restrict access based on field values.

Using Kibana

Open Kibana and go to Management > Security > Roles.
Click Create role.
Define the role name and index privileges.
Use the Document Level Security section to add a query that filters documents based on field values.
Use the Field Level Security section to restrict access to specific fields.

Using the REST API

Here is an example of creating a role using the REST API:

curl -X POST "localhost:9200/_security/role/sales_role" -H 'Content-Type: application/json' -d'
{
 "indices": [
 {
 "names": [ "sales_data" ],
 "privileges": [ "read" ],
 "query": {
 "term": { "department": "sales" }
 },
 "field_security": {
 "grant": [ "customer_name", "purchase_amount", "department" ]
 }
 }
 ]
}'

Step 2: Create Users and Assign Roles

Next, create users and assign them the roles you defined. This can be done via the Kibana UI or the REST API.

Using Kibana

Open Kibana and go to Management > Security > Users.
Click Create user.
Fill in the username, password, and assign the role you created.

Using the REST API

Create a user and assign the role using the REST API:

curl -X POST "localhost:9200/_security/user/john_doe" -H 'Content-Type: application/json' -d'
{
 "password" : "password123",
 "roles" : [ "sales_role" ],
 "full_name" : "John Doe",
 "email" : "john.doe@example.com"
}'

Step 3: Verify Access Control

To verify that the access control is working, log in to Kibana as the user you created and try to access the data.

Example: Querying Data with Restricted Access

curl -u john_doe:password123 -X GET "localhost:9200/sales_data/_search" -H 'Content-Type: application/json' -d'
{
 "query": {
 "match_all": {}
 }
}'

Output

The response should only include documents from the sales_data index where the department field value is sales and should only show the customer_name, purchase_amount, and department fields:

{
 "took": 5,
 "timed_out": false,
 "_shards": {
 "total": 1,
 "successful": 1,
 "skipped": 0,
 "failed": 0
 },
 "hits": {
 "total": {
 "value": 1,
 "relation": "eq"
 },
 "max_score": 1.0,
 "hits": [
 {
 "_index": "sales_data",
 "_id": "1",
 "_score": 1.0,
 "_source": {
 "customer_name": "Alice Smith",
 "purchase_amount": 100,
 "department": "sales"
 }
 }
 ]
 }
}

Testing Field-Level Security

To test our setup, let's index some documents and query them as the data_analyst user.

Step 1: Index Documents

Index a document with sensitive fields:

curl -u my_user:mypassword -X POST "localhost:9200/sales_data/_doc/1" -H 'Content-Type: application/json' -d'
{
 "customer_name": "John Doe",
 "purchase_date": "2023-05-01",
 "amount": 100,
 "credit_card_number": "4111111111111111"
}'

Step 2: Query Documents as data_analyst

Query the document as the data_analyst user:

curl -u jane_doe:password123 -X GET "localhost:9200/sales_data/_search" -H 'Content-Type: application/json' -d'
{
 "query": {
 "match_all": {}
 }
}'

Output

The response should exclude the credit_card_number field:

{
 "took": 15,
 "timed_out": false,
 "_shards": {
 "total": 1,
 "successful": 1,
 "skipped": 0,
 "failed": 0
 },
 "hits": {
 "total": {
 "value": 1,
 "relation": "eq"
 },
 "max_score": 1.0,
 "hits": [
 {
 "_index": "sales_data",
 "_id": "1",
 "_score": 1.0,
 "_source": {
 "customer_name": "John Doe",
 "purchase_date": "2023-05-01",
 "amount": 100
 }
 }
 ]
 }
}

Notice that the credit_card_number field is not present in the output, demonstrating field-level security in action.

Managing Field-Level Security in Kibana

Kibana provides a user-friendly interface for managing security settings, including field-level security.

Step 1: Define Roles in Kibana

Open Kibana and go to Management > Security > Roles.
Click Create role.
Define the role name, index patterns, and field-level security.

For example, create a role data_viewer with access to specific fields:

Role name: data_viewer
Indices: sales_data
Privileges: read
Field-level security: Grant access to customer_name, purchase_date, and amount.

Step 2: Assign Roles to Users in Kibana

Open Kibana and go to Management > Security > Users.
Edit the user and assign the data_viewer role.

Step 3: Query Data in Kibana

Log in to Kibana as the data_viewer user and navigate to Discover. You should see data from the sales_data index without the sensitive fields.

Conclusion

Managing Role-Based Access Control (RBAC) in Elasticsearch and Kibana based on field values provides fine-grained control over who can access specific pieces of data. By following the steps outlined in this article, you can enhance the security of your Elasticsearch deployment, ensuring that users only see data relevant to their roles.

This guide covered enabling security features, defining roles with field-level security, creating and assigning users, and testing the configuration. Additionally, it demonstrated managing RBAC using both the Elasticsearch REST API and the Kibana UI.

Implementing RBAC based on field values helps maintain data integrity, ensures compliance with security policies, and protects sensitive information, making your Elasticsearch and Kibana deployment more robust and secure.

Comment

Article Tags:

Databases

Elasticsearch

Explore

Elasticsearch Fundamentals

Concepts of Elasticsearch

Data Indexing and Querying

Advanced Querying and Full-text Search

Data Modeling and Mapping

Scaling and Performance

Data Ingestion and Processing

Advanced Indexing Techniques

Monitoring and Optimization

Courses

URL: https://www.geeksforgeeks.org/elasticsearch/managing-role-based-access-control-in-elasticsearch-and-kibana-based-on-field-values/