diff --git a/docs/management/dashboard_only_mode/advanced_configuration.asciidoc b/docs/management/dashboard_only_mode/advanced_configuration.asciidoc index 70114b6a0afaf..b76559a2e9434 100644 --- a/docs/management/dashboard_only_mode/advanced_configuration.asciidoc +++ b/docs/management/dashboard_only_mode/advanced_configuration.asciidoc @@ -1,19 +1,25 @@ [role="xpack"] [[advanced-dashboard-mode-configuration]] -=== Advanced configuration for Dashboard Only mode +=== Advanced Configuration for Dashboard Only Mode -Kibana comes preconfigured with a reserved role called `kibana_dashboard_only_user` which will be sufficient -for most use cases. However, if your setup requires a custom Kibana index, you can manually create -Dashboard Mode roles. +If {security} is enabled, Kibana has a built-in `kibana_dashboard_only_user` +role that grants read only access to the `.kibana` index. This role is sufficient +for most use cases. However, if your setup requires a custom {kib} index, you can create +your own roles and tag them as *Dashboard only mode*. -To do so, go into *Management > Advanced Settings* and search for `xpackDashboardMode:roles`. Then assign whatever -role names you wish to use to flag a user for Dashboard Only mode. +Go to *Management > Kibana > Advanced Settings* and search for *Dashboard*. By default +`xpackDashboardMode:roles` is set to `kibana_dashboard_only_user`. +Here you can add as many roles as you like. +[role="screenshot"] image:management/dashboard_only_mode/images/advanced_dashboard_mode_role_setup.png["Advanced dashboard mode role setup"] -It isn't necessary for Dashboard Only mode roles to have any additional permissions, but it's a convenient location -to also place access rules to the custom Kibana index. If you wish to grant read only access to your custom Kibana -index, it must have `view_index_metadata` permissions as well as `read` permissions. These role settings are available -under *Management > Security > Roles*. +By default, a *dashboard only mode* user doesn't have access to any data indices. +To grant read only access to your custom {kib} +index, you must assign `view_index_metadata` and `read` privileges. +These privileges are available under *Management > Security > Roles*. +For more information on roles and privileges, see {xpack-ref}/authorization.html[User Authorization]. + +[role="screenshot"] image:management/dashboard_only_mode/images/custom_dashboard_mode_role.png["Custom dashboard mode role with read permissions on a custom kibana index"] diff --git a/docs/management/dashboard_only_mode/images/advanced_dashboard_mode_role_setup.png b/docs/management/dashboard_only_mode/images/advanced_dashboard_mode_role_setup.png index a100a8c374e76..a61ce5b4686b9 100644 Binary files a/docs/management/dashboard_only_mode/images/advanced_dashboard_mode_role_setup.png and b/docs/management/dashboard_only_mode/images/advanced_dashboard_mode_role_setup.png differ diff --git a/docs/management/dashboard_only_mode/images/custom_dashboard_mode_role.png b/docs/management/dashboard_only_mode/images/custom_dashboard_mode_role.png index 516d38e6d2987..e583f04fb4f59 100644 Binary files a/docs/management/dashboard_only_mode/images/custom_dashboard_mode_role.png and b/docs/management/dashboard_only_mode/images/custom_dashboard_mode_role.png differ diff --git a/docs/management/dashboard_only_mode/images/view_only_dashboard.png b/docs/management/dashboard_only_mode/images/view_only_dashboard.png index 39179b68a5105..6b858650638c2 100644 Binary files a/docs/management/dashboard_only_mode/images/view_only_dashboard.png and b/docs/management/dashboard_only_mode/images/view_only_dashboard.png differ diff --git a/docs/management/dashboard_only_mode/images/view_only_listing_page.png b/docs/management/dashboard_only_mode/images/view_only_listing_page.png deleted file mode 100644 index 604932f04d7d7..0000000000000 Binary files a/docs/management/dashboard_only_mode/images/view_only_listing_page.png and /dev/null differ diff --git a/docs/management/dashboard_only_mode/index.asciidoc b/docs/management/dashboard_only_mode/index.asciidoc index 67e1e896688ae..4d965560f636f 100644 --- a/docs/management/dashboard_only_mode/index.asciidoc +++ b/docs/management/dashboard_only_mode/index.asciidoc @@ -2,25 +2,32 @@ [[xpack-dashboard-only-mode]] == Kibana Dashboard Only Mode -{xpack} gives the ability for admins to limit what certain users see when they log in to Kibana with a -reserved `kibana_dashboard_only_user` role. +If {security} is enabled, you can use the `kibana_dashboard_only_user` built-in role to limit +what users see when they log in to {kib}. -When you assign a user this role, the next time they sign in to Kibana they will only be able to see the Dashboard app, -and no editing tools will be available. - -image:management/dashboard_only_mode/images/view_only_listing_page.png["View Only Dashboard Listing Page"] +Users assigned this role are only able to see the Dashboard app in the navigation +pane. When users open a dashboard, they will have a limited visual experience. +All edit and create controls are hidden. +[role="screenshot"] image:management/dashboard_only_mode/images/view_only_dashboard.png["View Only Dashboard"] -IMPORTANT: If a user is also assigned the reserved `superuser` role, they will be able to see all of Kibana and have -full access. +To assign this role, go to *Management > Security > Users*, add or edit +a user, and add the `kibana_dashboard_only_user` role. You must assign roles +that grant the user appropriate data access. For information on roles +and privileges, see {xpack-ref}/authorization.html[User Authorization]. + +The `kibana_dashboard_only_user` role is +preconfigured with read only permissions on the `.kibana` index. + +IMPORTANT: If you assign users the `kibana_dashboard_only_user` role, along with a role +with write permissions on the `.kibana` index, they *will* have write access, +even though the controls remain hidden in the {kib} UI. -The `kibana_dashboard_only_user` role comes preconfigured with read only permissions on the `.kibana` index. +IMPORTANT: If you also assign users the reserved `superuser` role, they will be able to see +all of {kib} and have full access. -IMPORTANT: If you assign a user the `kibana_dashboard_only_user` role, along with a role with write permissions on -the .kibana index, they *will* have write access, even though the controls will remain hidden in the kibana -UI. +<> that use a +custom {kib} index are possible. -For advanced set ups that use a custom Kibana index, -<> are possible. include::advanced_configuration.asciidoc[]