Es 5.2.2 X-pack index permission error

I am trying to create a user account who only has accesses to specific indexes when they log into Kibana, but when I log in I am getting just the navigation bar and a blank screen. The following error shows up in the browser console:

Error: [security_exception] action [indices:data/read/search] is unauthorized for user [mo]

The role has read and write access to an index that exists in elasticsearch and has been added as a pattern in Kibana, so the expected behavior is that they would have access to view and create charts only on that index. If I add "*" to the Index Privileges then everything works fine, but that kind of defeats the whole purpose.

Here are the specifics

Elasticsearch v. 5.2.2
Kibana v. 5.2.2

Role: Missouri

  • Index Privileges: events.logins
  • Privileges: read, write


  • Username mo
  • Roles: Missouri

Hi there,
The issue here is that you need to add the "kibana_user" role to the "mo" user as well (along with the "Missouri" one). That role gives the user access to read and modify the .kibana index which is needed by Kibana in order to function properly.

Hello Marius,

I added the "kibana user" role, however the user gained access to other indices. For example, the mo user can now see the .kibana index. I cleared the cache and restarted the browser just to make sure that permissions weren't leaking over.

The user is supposed to have acces to that index as that is the index where Kibana stores it's settings and other objects (like saved searches, dashboards or visualizations). And yes, the permission for that index is given by the "kibana user" role.
You can see this on the docs:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.