Courier Fetch Error while using shield authentication

Hi Experts,

I am facing an issue while trying to assign a role for a specific user.
I am using Windows AD for authenticating the users.

This is my roles.yml file:

claims_read:
indices:
'claims':
privileges: read
'.kibana43':
- indices:admin/exists
- indices:admin/mappings/fields/get
- indices:admin/refresh
- indices:admin/validate/query
- indices:data/read/get
- indices:data/read/mget
- indices:data/read/search

claims_read1:
cluster:
- cluster:monitor/nodes/info
- cluster:monitor/health
indices:
'blaa':
privileges:
- indices:admin/mappings/fields/get
- indices:admin/validate/query
- indices:admin/get
- read

admin:
cluster:
- all
indices:
- names: '*'
privileges:
- all

If I assign a user the admin role, everything works fine, but when I assign the claims_read1 role to a user I get the following error in Kibana.

Error: unhandled courier request error: [security_exception] action [indices:data/read/mget] is unauthorized for user [sxbhas]
at handleError (https://wlielastict01.asia.intl.cigna.com:5601/bundles/kibana.bundle.js?v=9693:78866:23)
at DocRequest.AbstractReqProvider.AbstractReq.handleFailure (https://wlielastict01.asia.intl.cigna.com:5601/bundles/kibana.bundle.js?v=9693:78786:15)
at https://wlielastict01.asia.intl.cigna.com:5601/bundles/kibana.bundle.js?v=9693:78680:18
at Array.forEach (native)
at https://wlielastict01.asia.intl.cigna.com:5601/bundles/kibana.bundle.js?v=9693:78678:19
at processQueue (https://wlielastict01.asia.intl.cigna.com:5601/bundles/commons.bundle.js?v=9693:42357:29)
at https://wlielastict01.asia.intl.cigna.com:5601/bundles/commons.bundle.js?v=9693:42373:28
at Scope.$eval (https://wlielastict01.asia.intl.cigna.com:5601/bundles/commons.bundle.js?v=9693:43601:29)
at Scope.$digest (https://wlielastict01.asia.intl.cigna.com:5601/bundles/commons.bundle.js?v=9693:43412:32)
at Scope.$apply (https://wlielastict01.asia.intl.cigna.com:5601/bundles/commons.bundle.js?v=9693:43709:25)

I double-checked the log to see if anything was wrong with the role update, but I could not find anything:
Aug 11 16:27:23 wlielastict01 elasticsearch: [2016-08-11 16:27:23,269][INFO ][gateway ] [cignanz-elk-test-wlielastict01] recovered [133] indices into cluster_state
Aug 11 16:27:40 wlielastict01 elasticsearch: [2016-08-11 16:27:40,197][INFO ][cluster.routing.allocation] [cignanz-elk-test-wlielastict01] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[winlogbeat-2016.02.27][1], [winlogbeat-2016.02.27][1]] ...]).

Any help would be great.

Thanks!!

Hi,

It looks like the role is missing the privilege indices:data/read/mget:

According to your configuration, the role claims_read1 does not have this privilege but claims_read does.

Hi Tanguy,

Actually, I tried both roles, claims_read1 and claims_read, and I am facing the same error.
Does the indenting matter in roles.yml?

thanks,
Siva

Yes, indentation is very important in YAML files. Can you try again with a corrected role file?
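
An added example, not part of the thread and not Shield's own code: this Ruby sketch parses one role with its nesting intact and again with all leading whitespace removed, then checks whether the role grants `indices:data/read/mget`, the action named in the error above. The sample role is constructed from the posted claims_read1 layout with assumed indentation, and the helper names (`granted`, `allows?`, `indentation_warnings`) are hypothetical.

```ruby
require 'yaml'

# Constructed sample: one role with its nesting intact...
INDENTED = <<~YAML
  claims_read1:
    cluster:
      - cluster:monitor/health
    indices:
      'claims':
        privileges:
          - indices:data/read/get
          - indices:data/read/mget
YAML
# ...and the same lines with all leading whitespace removed.
FLAT = INDENTED.lines.map(&:lstrip).join

ROLE_FIELDS = %w[cluster indices privileges names].freeze

# Privileges a role lists for every index pattern matching `index`.
def granted(doc, role, index)
  indices = doc[role].is_a?(Hash) ? doc[role]['indices'] : nil
  return [] unless indices.is_a?(Hash)
  indices.flat_map do |pattern, spec|
    next [] unless File.fnmatch(pattern, index, File::FNM_DOTMATCH)
    Array(spec.is_a?(Hash) ? spec['privileges'] : spec).map(&:to_s)
  end
end

# True if a listed privilege (literal or glob) covers the action.
# Named privileges such as `read` are not expanded here.
def allows?(doc, role, index, action)
  granted(doc, role, index).any? { |priv| File.fnmatch(priv, action) }
end

# Signs of lost nesting: role fields at the top level, roles with no body.
def indentation_warnings(doc)
  doc.flat_map do |key, value|
    if ROLE_FIELDS.include?(key) then ["'#{key}' is at the top level, not under a role"]
    elsif !value.is_a?(Hash) then ["role '#{key}' has no nested settings"]
    else []
    end
  end
end

{ 'indented' => INDENTED, 'flat' => FLAT }.each do |label, text|
  doc = YAML.safe_load(text)
  ok = allows?(doc, 'claims_read1', 'claims', 'indices:data/read/mget')
  puts "#{label}: mget allowed=#{ok}, warnings=#{indentation_warnings(doc).length}"
end
```

The flattened text still parses as valid YAML, so no syntax error is raised; the role simply ends up empty and its fields become top-level keys.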