Custom Roles - Errors when saved reports/visuals, but created successfully


(Jayanna Hallur) #1

Objective:

  1. Create a read only role & user who should be able to login to Kibana and do all READ only operation like open the dashboard & monitor
  2. Create a power user role & user who should be able to create their own kibana dashboards, create alerting using watcher APIs
  3. Create SuperPower role & user to create own dashboards, user Watcher App for alerting, and use Machine Learning App for creation ML analytics..

ES & kibana version: 5.4.0

Steps:
Created the power user role with following configuration and user..

POST _xpack/security/role/standard_poweruser_v2
{
"cluster": ["monitor", "manage_watcher", "manage_ml", "transport_client", "manage" ],
"indices": [
{
"names": [ "*" ],
"privileges": [ "view_index_metadata", "read", "read_cross_cluster", "index" ]
}
]
}

POST _xpack/security/user/poweruser
{
"password" : "changeme",
"roles" : [ "standard_poweruser_v2"],
"full_name" : "Power User for Jayanna"
}

logged into Kibana with poweruser/chageme credentials..

Under Discover, I'm able to see the all index data.. but when I try to save it, I get an error
===> "Discover: [security_exception] action [indices:admin/refresh] is unauthorized for user [poweruser]" ...
But the REPORT is SAVED... when I click on OPEN, I can see search query saved..

Same with Visualization.. I'm open up already existing Visuals and with "save as new visualization" checkbox, when I save it, I get below ERROR, But it SAVED SUCCESSFULLY.
===> Visualization Editor: [security_exception] action [indices:admin/refresh] is unauthorized for user [poweruser]

Whats the wrong with these configuration? Why the error is thrown but created successfully..
Whats the right configuration for the above requirements?


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.