Hello @TimV,
Thanks for answering this issue so swiftly.
Here are the answers to your questions:
Role A = STAR_Institution
Role B = dkeessi_developer
1. As user elastic in Kibana Dev Tools
GET /_security/role/dkeessi_developer
{
"dkeessi_developer": {
"cluster": [
"all"
],
"indices": [
{
"names": [
"apm-*",
"auditbeat-*",
"packetbeat-*",
"journalbeat-*",
"winlogbeat-*",
"metricbeat-*",
"filebeat-*",
"heartbeat-*",
"apmonitoring",
"gwmessages-*",
"filewinlogbeat",
"shrink-*"
],
"privileges": [
"read",
"view_index_metadata",
"monitor",
"all"
],
"field_security": {
"grant": [
"*"
],
"except": []
},
"allow_restricted_indices": false
}
],
"applications": [
{
"application": "kibana-.kibana",
"privileges": [
"feature_discover.all",
"feature_visualize.all",
"feature_dashboard.all",
"feature_dev_tools.all",
"feature_canvas.all",
"feature_logs.read",
"feature_infrastructure.read",
"feature_apm.read",
"feature_uptime.read",
"feature_observabilityCases.read",
"feature_actions.all",
"feature_stackAlerts.all",
"feature_savedObjectsTagging.all",
"feature_siem.minimal_read",
"feature_siem.cases_read",
"feature_securitySolutionCases.read"
],
"resources": [
"space:default"
]
}
],
"run_as": [],
"metadata": {},
"transient_metadata": {
"enabled": true
}
}
}
2. As a user with Role B, run
GET /_security/role/STAR_Institution
Response in Kibana dev-tools is 404 not found
3. As a user who should have the dkeessi_developer role, run
GET /_security/user/
{
"nn.mm@xxx.com": {
"username": "nn.mm@xxx.com",
"roles": [
"brugerrejser_writer",
"monitoring_user",
"superuser",
"editor"
],
"full_name": "Nn",
"email": "Mn",
"metadata": {},
"enabled": true
},
"ooo@zzz.dk": {
"username": "ooo@zzz.dk",
"roles": [
"superuser",
"editor",
"brugerrejser_writer"
],
"full_name": "OOO",
"email": "OOO",
"metadata": {},
"enabled": true
}
}
This looks wrong to me.
However, if elastic runs the query
GET /_security/user/nn.mm@xxx.com
the answer looks as expected
{
"nn.mm@xxx.com": {
"username": "nn.mm@xxx.com",
"roles": [
"dkeessi_developer",
"dkeessi_servicedesk",
"monitoring_user",
"watcher_user",
"superuser",
"kibana_admin"
],
"full_name": "Nn Mm",
"email": "nn.mm@xxx.com",
"metadata": {},
"enabled": true
}
}