Kibana/Elasticshield Document Level Security

gsb · January 17, 2017, 6:45pm

There is a native user configured in elasticshield with document level security configured for associated role with that user.

When query data from elasticsearch using curl with this user it returns data and works perfectly fine.

When logged into kibana using this user, Kibana enters in home page with Blank screen and processing bar on top right corner always runing and it never loads any data.

As part of debugging , when inspected browser network traffic , kibana is cocntantly firing queries to elastic search
like following

https://localhost:5601/elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1484678386812

https://localhost:5601/elasticsearch/.kibana/config/4.5.4

and receiving response 200 on both of these type of requests.

It never turns up data in kibana home page and constantly runing those queries at backend.

TimV · January 18, 2017, 4:37am

Did you read and followed the instructions for using Kibana with Shield? Users who need access to Kibana require specific index privileges.

If that doesn't resolve the issue, then you'll need to provide more details about how you configured your roles. It looks like something in your document level security configuration is preventing Kibana from getting the data it needs, but it's very difficult to guess what that might be without more details.

gsb · January 18, 2017, 9:29am

I have configured the required privileges for it to access kibana.

Following is role details associated to that user

"indices": [
{
"names": [ ".kibana*" ],
"privileges": ["manage","read","index"]
},
{
"names": [""],
"privileges": ["read","view_index_metadata"],
"fields" : [ "" ],
"query": {
"bool": {
"should": [
{"term": { "metadata.field1": "value1" }},
{"term": { "metadata.field2": "value2" }}
]
}
}
}
]

Just to Reiterate - The same user works well , when running a elastic search query using curl .

gsb · January 20, 2017, 10:06am

Following is role details associated to that user

"indices": [
{
"names": [ ".kibana*" ],
"privileges": ["manage","read","index"]
},
{
"names": [""],
"privileges": ["read","view_index_metadata"],
"fields" : [ "" ],
"query": {
"bool": {
"should": [
{"term": { "metadata.field1": "value1" }},
{"term": { "metadata.field2": "value2" }}
]
}
}
}
]

Just to Reiterate - The same user works well , when running a elastic search query using curl .

system · February 17, 2017, 10:07am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.