We enabled XPack Security today to see how it works and created a role "business_user" (see below) with read access to 2 indices, "logs-test" and "logs-prod". However, when users log in they are asked to create an index pattern, without which they can view no data. This is a bit of a strange request for a user, but when they try to create an index pattern it fails with HTTP status 403:
    {"statusCode":403,"error":"Forbidden","message":"Unable to create index-pattern, missing action:saved_objects/index-pattern/create"}
Under dev tools they are able to GET _search and view documents.
What access rights are we missing here?
Why do users even need to define an index template? It seems unnecessary given we define the indices they can access in the role.
    "business_user": {
      "cluster": [
        "manage_index_templates"
      ],
      "indices": [
        {
          "names": [
            "logs-test",
            "logs-prod"
          ],
          "privileges": [
            "read",
            "create"
          ],
          "field_security": {
            "grant": [
              "*"
            ]
          }
        }
      ],
      "applications": [
        {
          "application": "kibana-.kibana",
          "privileges": [
            "space_read"
          ],
          "resources": [
            "space:business"
          ]
        }
      ],
      "run_as": [],
      "metadata": {},
      "transient_metadata": {
        "enabled": true
      }
    }