Kibana 7.9.0 - 403 Forbidden on /api/kibana/settings

I've been struggling trying to set up a read-only user for Kibana. It seems like I have it working now, with the exception of an error popping up in the Discover app. It seems to be exactly the issue listed here: https://github.com/elastic/kibana/pull/54122 where the defaultIndex cannot be set because of missing permissions.

I have version 7.9.0 installed, which I think is the version that should contain that fix?

Nonetheless, here's a description of what I'm seeing:

In the browser:

{"statusCode":403,"error":"Forbidden","message":"Unable to update config"}

Payload:

{"changes":{"defaultIndex":"79252c80-e646-11ea-a164-698e3f6ff28b"}}

My JSON space definition is:

{
  "id": "users",
  "name": "Users",
  "description" : "This is the Users Space (Read Only)",
  "color": "#aabbcc",
  "initials": "US",
  "disabledFeatures": ["enterpriseSearch", "ml", "siem", "visualize", "dashboard", "advancedSettings", "savedObjectsManagement", "ingestManager", "monitoring", "timelion", "graph", "maps", "canvas", "infrastructure", "uptime"]
}

My JSON role definition is (my_bogus_role):

{
  "elasticsearch": {
    "cluster": ["monitor"],
    "indices": [
      {
        "names": ["*"],
        "privileges": ["monitor"]
      },
      {
        "names": ["apm-*"],
        "privileges": ["read","view_index_metadata"]
      },
      {
        "names": ["filebeat-*"],
        "privileges": ["read","view_index_metadata"]
      },
      {
        "names": ["metricbeat-*"],
        "privileges": ["read","view_index_metadata"]
      },
      {
        "names": ["packetbeat-*"],
        "privileges": ["read","view_index_metadata"]
      },
      {
        "names": ["heartbeat-*"],
        "privileges": ["read","view_index_metadata"]
      },
      {
        "names": ["auditbeat-*"],
        "privileges": ["read","view_index_metadata"]
      },
      {
        "names": [".ml-anomalies*"],
        "privileges": ["read","view_index_metadata"]
      },
      {
        "names": ["observability-annotations"],
        "privileges": ["read","view_index_metadata"]
      }
    ]
  },
  "kibana": [
    {
      "base": [ ],
      "feature": {
        "indexPatterns": ["all"],
        "apm": ["read"],
        "logs": ["read"],
        "discover": ["read"],
        "dev_tools": ["read"]
      },
      "spaces": ["users"]
    }
  ]
}

My JSON user definition is:

{
  "password": "password",
  "roles": ["my_bogus_role"],
  "full_name": "Bogus User"
}

Thank you for any help you can provide.

Joey

Hello @cotjoey -

Its attempting to set the defaultIndex because none is set. If you log in as a user with sufficient privileges it will be set and the error will no longer appear.

Hello,

I was looking for a way to mostly set this up for my users before they login. I found a few API calls that can set the default index-pattern for my Space (users). I'll use that for automation:

Fetch index-pattern unique id

curl -s -u elastic:password -XGET "https://kibana_host:5601/s/users/api/saved_objects/_find?type=index-pattern&search_fields=title&search=apm*&fields=id" -k

Set defaultIndex with unique id fetched above:

curl -s -u elastic:password -XPOST -H "Content-Type: application/json" -H "kbn-xsrf: true" https://kibana_host:5601/s/users/api/kibana/settings -d '{"changes":{"defaultIndex":"12345678-1234-1234-1234-123456789012"}}' -k

Thank you for your help.
Joey

1 Like