Kibana "error fetching fields" forbidden

I'm using version 7.5 on Elastic Cloud, and I've created a new user & role, to use instead of global admin "elastic" account, setting the permissions to read from the desired indexes.

If that non-admin user access Kibana > Discovery BEFORE the admin "elastic" user, that error is triggered. Once the "elastic" user access Kibana > Discovery, the error goes away. This happens every 24h hours.

I assume that some action is performed when accessing Discovery after a while, and the normal user doesn't have enough permissions to perform it, but I can't figure out what is it.

I've also seen this error was reported here: Error fetching fields, but the solution doesn't make much sense to me.

I'm having the same issue with an on prem 7.5.2 deployment.

Does the non-elastic user have the kibana_user role? If not, I suspect that might fix it.

Otherwise, please post:

  • The roles of the non-elastic user
  • The definition of any of the roles of the non-elastic user, that are not built-in

You can do this with:

GET _security/user/<username>
GET _security/role/<role>

I've created a specific role for the user.

GET _security/user/test

{
  "test" : {
    "username" : "test",
    "roles" : [
      "User"
    ],
    "full_name" : "Test",
    "email" : "",
    "metadata" : { },
    "enabled" : true
  }
}

GET _security/user/User

{
  "User" : {
    "cluster" : [ ],
    "indices" : [
      {
        "names" : [
          "filebeat-*"
        ],
        "privileges" : [
          "read"
        ],
        "field_security" : {
          "grant" : [
            "*"
          ],
          "except" : [ ]
        },
        "allow_restricted_indices" : false
      }
    ],
    "applications" : [
      {
        "application" : "kibana-.kibana",
        "privileges" : [
          "feature_discover.all",
          "feature_visualize.all",
          "feature_dashboard.all",
          "feature_siem.read",
          "feature_maps.read",
          "feature_canvas.read",
          "feature_graph.read"
        ],
        "resources" : [
          "space:default"
        ]
      }
    ],
    "run_as" : [
      "test"
    ],
    "metadata" : { },
    "transient_metadata" : {
      "enabled" : true
    }
  }
}

Please add the kibana_user role to the user, so that it reads:

{
  "test" : {
    "username" : "test",
    "roles" : [
      "User",
      "kibana_user"
    ],
    "full_name" : "Test",
    "email" : "",
    "metadata" : { },
    "enabled" : true
  }
}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.