Action [indices:data/read/search[phase/query]] is unauthorized for user [kibana4_server]

security

(Vincent) #1

I've installed shield on elasticsearch but not on kibana. And I configured kibana to use kibana4_server user when talking to elasticsearch.

However when I go to kibana it still asks me username and password with a prompt window. When I login with kibana4_server I got this error:
action [indices:data/read/search[phase/query]] is unauthorized for user [kibana4_server]

Any help appreciated.

Here's my users_role.yml file:

admin:admin
kibana4_server:kibana4_server,anonymous
user:user

Here's my roles.yml file:

# All cluster rights
# All operations on all indices
admin:
  cluster:
    - all
  indices:
    - names: '*'
      privileges:
        - all

# monitoring cluster privileges
# All operations on all indices
power_user:
  cluster:
    - monitor
  indices:
    - names: '*'
      privileges:
        - all

# Read-only operations on indices
user:
  indices:
    - names: '*'
      privileges:
        - read

# Defines the required permissions for transport clients
transport_client:
  cluster:
      - transport_client

# The required permissions for the kibana 4 server
kibana4_server:
  cluster:
      - monitor
  indices:
    - names: '*'
      privileges:
        - monitor
        - view_index_metadata
        - read
        - indices:admin/mappings/fields/get
        - indices:data/read/search[phase/query]
        - indices:admin/validate/query
        - indices:data/read/search
        - indices:data/read/msearch
        - indices:data/read/field_stats
        - indices:admin/get
    - names: '.kibana*'
      privileges:
        - all
    - names: '.reporting-*'
      privileges:
        - all

# The required role for logstash users
logstash:
  cluster:
    - manage_index_templates
  indices:
    - names: 'logstash-*'
      privileges:
        - write
        - read
        - create_index

# Marvel user role. Assign to marvel users.
marvel_user:
  indices:
    - names: '.marvel-es-*'
      privileges: [ "read" ]
    - names: '.kibana'
      privileges:
        - view_index_metadata
        - read

# Marvel remote agent role. Assign to the agent user on the remote marvel cluster
# to which the marvel agent will export all its data
remote_marvel_agent:
  cluster: [ "manage_index_templates" ]
  indices:
    - names: '.marvel-es-*'
      privileges: [ "all" ]

anonymous:
  cluster:
      - cluster:monitor/nodes/info
      - cluster:monitor/health
  indices:
    '*':
      - indices:admin/mappings/fields/get
      - indices:admin/validate/query
      - indices:data/read/search
      - indices:data/read/msearch
      - indices:admin/get
    '.kibana':
      - indices:admin/exists
      - indices:admin/mappings/fields/get
      - indices:admin/refresh
      - indices:admin/validate/query
      - indices:data/read/get
      - indices:data/read/mget
      - indices:data/read/search

(Jay Modi) #2

The kibana4_server role is only for the kibana server to communicate with elasticsearch. You will still need to use a role that grants access to data in order to use Kibana, see https://www.elastic.co/guide/en/shield/current/kibana.html#kibana


(Vincent) #3

Ahh that makes more sense. Thank you.


(system) #4