Hello,
I am using Kibana/Elasticsearch 7.9.0, and testing enabling security on the stack.
I am starting with a test user that gets the following on the GET API call:
GET _cat/indices
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "action [indices:monitor/stats] is unauthorized for user [my_bogus_user]"
}
],
"type" : "security_exception",
"reason" : "action [indices:monitor/stats] is unauthorized for user [my_bogus_user]"
},
"status" : 403
}
The role definition looks like this:
{
"cluster": ["monitor"],
"indices": [
{
"names": ["*"],
"privileges": ["read","view_index_metadata"]
}
]
}
the privilege definition looks like this:
{
"elasticsearch": {
"cluster": ["monitor"],
"indices": [
{
"names": ["apm-*"],
"privileges": ["read","view_index_metadata"]
},
{
"names": ["filebeat-*"],
"privileges": ["read","view_index_metadata"]
},
{
"names": ["metricbeat-*"],
"privileges": ["read","view_index_metadata"]
},
{
"names": ["packetbeat-*"],
"privileges": ["read","view_index_metadata"]
},
{
"names": ["heartbeat-*"],
"privileges": ["read","view_index_metadata"]
},
{
"names": ["auditbeat-*"],
"privileges": ["read","view_index_metadata"]
},
{
"names": [".ml-anomalies*"],
"privileges": ["read","view_index_metadata"]
},
{
"names": ["observability-annotations"],
"privileges": ["read","view_index_metadata"]
}
]
},
"kibana": [
{
"base": ["read"],
"spaces": ["*"]
}
]
}
I am not sure what to grant to get the proper access.
Thank you,
Joey