Kibana/Elasticshield Document Level Security

security

#1

There is a native user configured in elasticshield with document level security configured for associated role with that user.

When query data from elasticsearch using curl with this user it returns data and works perfectly fine.

When logged into kibana using this user, Kibana enters in home page with Blank screen and processing bar on top right corner always runing and it never loads any data.

As part of debugging , when inspected browser network traffic , kibana is cocntantly firing queries to elastic search
like following

https://localhost:5601/elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1484678386812

https://localhost:5601/elasticsearch/.kibana/config/4.5.4

and receiving response 200 on both of these type of requests.

It never turns up data in kibana home page and constantly runing those queries at backend.


(Tim Vernum) #2

Did you read and followed the instructions for using Kibana with Shield? Users who need access to Kibana require specific index privileges.

If that doesn't resolve the issue, then you'll need to provide more details about how you configured your roles. It looks like something in your document level security configuration is preventing Kibana from getting the data it needs, but it's very difficult to guess what that might be without more details.


#3

I have configured the required privileges for it to access kibana.

Following is role details associated to that user

"indices": [
{
"names": [ ".kibana*" ],
"privileges": ["manage","read","index"]
},
{
"names": [""],
"privileges": ["read","view_index_metadata"],
"fields" : [ "
" ],
"query": {
"bool": {
"should": [
{"term": { "metadata.field1": "value1" }},
{"term": { "metadata.field2": "value2" }}
]
}
}
}
]

Just to Reiterate - The same user works well , when running a elastic search query using curl .


#4

Following is role details associated to that user

"indices": [
{
"names": [ ".kibana*" ],
"privileges": ["manage","read","index"]
},
{
"names": [""],
"privileges": ["read","view_index_metadata"],
"fields" : [ "
" ],
"query": {
"bool": {
"should": [
{"term": { "metadata.field1": "value1" }},
{"term": { "metadata.field2": "value2" }}
]
}
}
}
]

Just to Reiterate - The same user works well , when running a elastic search query using curl .


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.