One solution I have seen is to use a reverse proxy infront of your infrastructure..
One option is to use nginx reverse proxy to access your Kibana dashboard, which entails a simple nginx configuration that requires those who want to access the dashboard to have a username and password. This quickly blocks access to your Kibana console.
The challenge here arises if you would like to limit access on a more granular level. This is currently impossible within open source ELK.
That is with respect to an ELK stack, but I'm guessing it's a similar situation with the opensource dashboard/console.
I'm not sure if it supports a more fine-grained role based access control.