Elastic users (or tokens)
editElastic users (or tokens)
editEnterprise Search is a set of features. Many features, such as the web crawler and connectors, operate directly on Elasticsearch indices. Other features are part of the App Search and Workplace Search products. To use any of these features, you need an Elastic user (or token) with the necessary access permissions.
When developing and testing, use a deployment superuser.
These include the Elastic Cloud user that created the deployment and the built-in elastic
user created with the deployment.
These users have access to all features within the deployment.
However, in production-like environments, users should have only the access they require. Your user account may therefore have limited access, and you may need to request additional access to use a feature.
For all Elastic features, access is controlled through privileges, roles, users, and tokens.
App Search and Workplace Search define additional product-specific roles and provide their own role mapping interfaces. They also provide their own access tokens.
Learn more in the following sections:
Deployment superuser
editWhen developing and testing, use a deployment superuser
.
These include the Elastic Cloud user that created the deployment and the built-in elastic
user created with the deployment.
These users have access to all features within the deployment.
You can develop and test without worrying about how granular access works.
The elastic
user is an Elastic Stack built-in user.
This user can manage security and create roles with unlimited privileges.
Learn more in the Elasticsearch documentation.
Privileges, roles, users, and tokens
editPrivileges and roles
editPrivileges control access to each Elastic feature.
The Elasticsearch user authorization documentation lists the privileges that you can assign to a role.
For example, Enterprise Search users must have read
and manage
privileges for Elasticsearch indices with the pattern search-*
in order to create an Elasticsearch index in the Kibana UI.
Roles are a collection of privileges that allow you to perform actions. You assign privileges to roles and assign (or map) roles to users. Learn what privileges individual roles grant in the Elasticsearch built-in roles documentation.
Learn more about roles and role mapping:
Users and tokens
editElastic deployment operators can create users directly within their Elastic deployment or use existing users from an external identity provider (IdP). When creating users within the deployment, roles are directly assigned to users. When using external users, roles are mapped. Learn more about authorization in Elasticsearch.
Elastic users can create tokens, such as API keys, that delegate some or all of their access to another user, machine, or service. Developers often need these when writing integrations between Elastic and other services. Tokens are always created within a deployment, therefore roles are assigned directly (not mapped). See the Elasticsearch API key documentation for more information. See also the Kibana API key documentation.
Access to App Search and Workplace search features
editAdditionally, App Search and Workplace Search each define product-specific roles to control access to their features. They each provide their own role mapping UIs that are separate from default Kibana role mapping UI. App Search and Workplace Search also provide their own access tokens.
Learn more about:
Kibana spaces
editKibana spaces allow you to organize your dashboards and other saved objects into meaningful categories.
This is another way to control feature access. For example, you might have different features available to users in your "General User" space versus your "Admin" space.
At a minimum, you must have access to Enterprise Search in your space, in order to use the product in Kibana.