Disable password change for specific roles via Kibana UI

[blacktop]

Describe the feature:

I don't think that the demo user role should be able to change it's password. The password should only be able to be changed by an admin.

Describe a specific use case for the feature:

I have a demo instance of kibana facing the internet and I keep having people change the users password so others wanting to try the demo cannot access it.

[elasticmachine]

Pinging @elastic/kibana-security

[legrego]

Hi @blacktop,

Kibana/Elasticsearch does not have the notion of a "demo user". This is likely an account setup by a project maintainer in the issues you linked.

If you wish to prevent password changes through the UI though, I'd recommend setting your users up outside of the native realm. Instead, you can use something like the file realm to define your usernames and passwords. For more information on roles, see: https://www.elastic.co/guide/en/elastic-stack-overview/current/realms.html

If you'd like help setting that up, feel free to start a conversation on our discussion boards!

[blacktop]

@legrego the ES backend is on ElasticCloud so I don't think that I can change the realm. This is a feature request. To create a Role that can't change it's password via the kibana UI.

[legrego]

Thanks for clarifying! I renamed this issue to better capture what you’re looking for, and I’ll reopen this as well

[kobelb]

I'm wondering whether #18331 would solve the real underlying problem because being forced to share a login/password with your users in the first place seems less than ideal.

[kobelb]

Closing this as I believe what we really want is improved anonymous access: #18331