OpenSearch/docs/en/security/tribe-clients-integrations/reporting.asciidoc

[[secure-reporting]]
=== Reporting and Security

Reporting operates by creating and updating documents in Elasticsearch in
response to user actions in Kibana.

To use Reporting with {security} enabled, you need to <<kibana, set up Kibana
to work with {security}>>. If you are automatically generating reports with
<<xpack-alerting, {watcher}>>, you also need to configure {watcher} to trust the
Kibana server's certificate. For more information, see <<securing-reporting,
Securing Reporting>>.

[[reporting-app-users]]
To enable users to generate reports, assign them the built in `reporting_user`
and `kibana_user` roles:

* If you're using the `native` realm, you can assign roles through 
**Management / Users** UI in Kibana or with the `user` API. For example,
the following request creates a `reporter` user that has the
`reporting_user` and `kibana_user` roles:
+
[source, sh]
---------------------------------------------------------------
POST /_xpack/security/user/reporter
{
  "password" : "changeme", 
  "roles" : ["kibana_user", "reporting_user"], 
  "full_name" : "Reporting User"
}
---------------------------------------------------------------

* If you are using an LDAP or Active Directory realm, you can either assign
roles on a per user basis, or assign roles to groups of users. By default, role
mappings are configured in <<mapping-roles, `config/shield/role_mapping.yml`>>.
For example, the following snippet assigns the user named Bill Murray the
`kibana_user` and `reporting_user` roles:
+
[source,yaml]
--------------------------------------------------------------------------------
kibana_user:
  - "cn=Bill Murray,dc=example,dc=com"
reporting_user:
  - "cn=Bill Murray,dc=example,dc=com"
--------------------------------------------------------------------------------
[DOCS] Migrated security topics from x-pack repo to x-pack-elasticsearch. Original commit: elastic/x-pack-elasticsearch@e54aa1fd0a2f0e60013d7e427329e4408fa578fe 2017-04-06 21:29:29 -04:00			`[[secure-reporting]]`
			`=== Reporting and Security`

			`Reporting operates by creating and updating documents in Elasticsearch in`
			`response to user actions in Kibana.`

			`To use Reporting with {security} enabled, you need to <<kibana, set up Kibana`
			`to work with {security}>>. If you are automatically generating reports with`
			`<<xpack-alerting, {watcher}>>, you also need to configure {watcher} to trust the`
			`Kibana server's certificate. For more information, see <<securing-reporting,`
			`Securing Reporting>>.`

			`[[reporting-app-users]]`
			To enable users to generate reports, assign them the built in `reporting_user`
			and `kibana_user` roles:

			* If you're using the `native` realm, you can assign roles through
			Management / Users UI in Kibana or with the `user` API. For example,
			the following request creates a `reporter` user that has the
			`reporting_user` and `kibana_user` roles:
			`+`
			`[source, sh]`
			`---------------------------------------------------------------`
			`POST /_xpack/security/user/reporter`
			`{`
			`"password" : "changeme",`
			`"roles" : ["kibana_user", "reporting_user"],`
			`"full_name" : "Reporting User"`
			`}`
			`---------------------------------------------------------------`

			`* If you are using an LDAP or Active Directory realm, you can either assign`
			`roles on a per user basis, or assign roles to groups of users. By default, role`
			mappings are configured in <<mapping-roles, `config/shield/role_mapping.yml`>>.
			`For example, the following snippet assigns the user named Bill Murray the`
			`kibana_user` and `reporting_user` roles:
			`+`
			`[source,yaml]`
			`--------------------------------------------------------------------------------`
			`kibana_user:`
			`- "cn=Bill Murray,dc=example,dc=com"`
			`reporting_user:`
			`- "cn=Bill Murray,dc=example,dc=com"`
			`--------------------------------------------------------------------------------`