Skip to content

Do you know: how to set up role-based access control in Elastic?

Each week, a new “Do You Know” will be posted on our Elastic Technical Knowledge Hub to share useful knowledge to improve the observability using Elasticsearch. These topics originate from day-to-day challenges we solved for our clients. A stepwise description helps you to successfully implement solutions on improving the performance of your deployment and get the best monitoring of your applications using dashboards and alerting.

This week I will discuss: how to set up role-based access control in Elastic.


At Devoteam, we use Elastic as both a playground for our consultants and a reporting tool for our management. To facilitate this, we’ve created dashboards leveraging our timesheet data sourced from our AFAS application.

Considering the sensitivity of certain data, we’ve implemented distinct user roles to regulate access, ensuring appropriate data security and confidentiality.


First, we create a new role in Elastic. Go to Elastic Stack Management → Select Roles and click on “Create Role”.

Assign a name to your new role. Depending on the specific permissions required for individuals in these roles, you can also limit access at the Cluster Level. For now, we will leave it as it is and keep the settings unchanged.

For Index Privileges, we just want to restrict access solely to the index labeled “afas”.

To achieve this, we use the regular expression /~(.afas.)/ as shown in the screenshot below.

Before you save the role, if needed, you have the option to grant access to the necessary Kibana spaces.

Once done, save the role and assign this new role to the correct set of users.

Need help with your Elastic challenges? Contact our experts.

With our 25+ Elastic certified consultants, Devoteam is your partner for developing and implementing Monitoring & Observability solutions that facilitate optimal IT control, from Business & IT Operations dashboards to centralized logging and proactive alerting.