Business user cannot view any data in Kibana

cawoodm · November 26, 2018, 11:23am

We enabled XPack Security today to see how it works and created a role "business_user" (see below) with read access to 2 indices "logs-test" and "logs-prod". However, when users log in they are asked to create an index pattern without which they can view no data. This is a bit of a strange request for a user but when they try to create an index pattern it fails with HTTP status 403:

{"statusCode":403,"error":"Forbidden","message":"Unable to create index-pattern, missing action:saved_objects/index-pattern/create"}

Under dev tools they are able to GET _search and view documents.

What access rights are we missing here?

Why do users even need to define an index template? It seems unnecessary given we define the indices they can access in the role.

"business_user": {
        "cluster": [
            "manage_index_templates"
        ],
        "indices": [
            {
                "names": [
                    "logs-test",
                    "logs-prod"
                ],
                "privileges": [
                    "read",
                    "create"
                ],
                "field_security": {
                    "grant": [
                        "*"
                    ]
                }
            }
        ],
        "applications": [
            {
                "application": "kibana-.kibana",
                "privileges": [
                    "space_read"
                ],
                "resources": [
                    "space:business"
                ]
            }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
            "enabled": true
        }
    }

Bargs · November 26, 2018, 9:26pm

You'll also need to give them the Kibana user role:

cawoodm · November 27, 2018, 7:04am

Your answer is basically correct. However, adding the kibana_user role meant they saw the Default space as well so I copied across the following access rights to the business_user role (from kibana_user) and it works as expected:
Index .kibana*: manage, read, index, deleted

Thanks!

system · December 25, 2018, 7:04am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Xpack security roles Elasticsearch	5	999	May 29, 2017
Give privilege to a user to create index pattern Kibana	3	1678	December 21, 2020
Kibana 7.2.0 Index Patterns are visible to all users Kibana	4	1471	May 14, 2020
Which 'permission' for 'create user patternn'? Kibana elastic-stack-security	1	202	July 23, 2021
Create user in Kibana with read only access to indexes Kibana	3	1314	January 2, 2020

Business user cannot view any data in Kibana

Related topics