Kibana login broken after trying to enable reporting. "You do not have permission to access the requested page" message - Need help to fix it

Elastic Stack Kibana
1

Hi there,

After trying to enable reporting in Kibana following the document below:

I am not able to login into Kibana anymore.

I am using a Kibana 8.10.4 container version.
The Elasticsearch is a IBM Cloud managed version.

I am able to run queries in Elasticsearch from CLI like using the same user, but somehow it messed up with Kibana permissions.

Any ideas to fix that?

Thanks in advance.

2

Hello @eparreiras

Welcome to the community!!

Could you please share the username with which you are trying to access Kibana?

Also, if possible, please share the kibana.yml file with all sensitive values (like node addresses, usernames, and passwords) hashed or obfuscated."

Similar post :

Thanks!!

3

Hi Tortoise,

I am using the user ibm_cloud, created as service credentials in IBM Cloud. It was working before.
Here is the current kibana.yml:

apiVersion: v1
kind: ConfigMap
metadata:
name: kibana-yml
namespace: monitoring
uid: 6c2b4fd6-f960-4113-9051-3b68665b89e8
resourceVersion: "37847570"
creationTimestamp: "2025-07-02T20:32:40Z"
annotations:
freelens.app/resource-version: v1
[kubectl.kubernetes.io/last-applied-configuration:](http://kubectl.kubernetes.io/last-applied-configuration:) >
{"apiVersion":"v1","data":{"kibana.yml":"elasticsearch.ssl.certificateAuthorities:
"/usr/share/kibana/config/cacert/cacert"\nelasticsearch.username:
"redacted"\nelasticsearch.password:
"redacted"\nelasticsearch.hosts:
["redacted"]\nserver.name:
"kibana"\nserver.host: "0.0.0.0"\nserver.basePath:
"/kibana"\nserver.rewriteBasePath:
true"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"kibana-yml","namespace":"monitoring"}}
selfLink: /api/v1/namespaces/monitoring/configmaps/kibana-yml
data:
kibana.yml: >-
elasticsearch.ssl.certificateAuthorities:
"/usr/share/kibana/config/cacert/kibana-ca.crt"
elasticsearch.username: "redacted"
elasticsearch.password: "redacted"
elasticsearch.hosts:
["redacted"]
server.name: "kibana"
server.host: "0.0.0.0"
server.basePath: "/kibana"
server.rewriteBasePath: true
1 Like
4

Hello @eparreiras

In order to investigate i think below points can be reviewed :

  1. Can you confirm whether any other users are able to log in to Kibana after reporting was enabled?
  2. Please check the Kibana server logs around the login attempt and share any authorization or security-related messages.
  3. If login with the elastic superuser is successful, please verify the roles assigned to the ibm_cloud user (either via the Kibana UI or using the Elasticsearch security APIs).
  4. Review the affected role configuration to confirm whether it includes Kibana application privileges. If the role has only Elasticsearch privileges and no Kibana space/feature permissions, Kibana access will be denied (as shown in the screenshot).

image
image1154×251 8.74 KB

Error :

image
image541×311 12.3 KB

Thanks!!

5

This is what I see when checking the user permissions:

GET https://7fc43ac1-7502-4435-9831-7c2c6d67cf59.c38qvnlz04atmdpus310.private.databases.appdomain.cloud:31969/_security/_authenticate?pretty
{
  "username" : "admin",
  "roles" : [
    "ibm_superuser",
    "kibana_system"
  ],
  "full_name" : null,
  "email" : null,
  "metadata" : { },
  "enabled" : true,
  "authentication_realm" : {
    "name" : "native1",
    "type" : "native"
  },
  "lookup_realm" : {
    "name" : "native1",
    "type" : "native"
  },
  "authentication_type" : "realm"
}

Even with the admin/elastic user, I get the same problem.

This is what I see at Kibana logs

[2026-01-15T12:28:16.880+00:00][INFO ][plugins.synthetics] Installed synthetics index templates
[2026-01-15T12:28:17.931+00:00][INFO ][plugins.eventLog] Creating datastream .kibana-event-log-8.10.4
[2026-01-15T12:28:17.943+00:00][WARN ][plugins.eventLog] eventLog initialization operation failed and will be retried: createDataStreamIfNotExists; 3 more times; error: error creating data stream: illegal_argument_exception
	Root causes:
		illegal_argument_exception: matching index template [ibm_defaults] for data stream [.kibana-event-log-8.10.4] has no data stream template
[2026-01-15T12:28:18.349+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/node_modules/@kbn/screenshotting-plugin/chromium/headless_shell-linux_x64/headless_shell
6 
	Root causes:
		illegal_argument_exception: matching index template [ibm_defaults] for data stream [.kibana-event-log-8.10.4] has no data stream template
[2026-01-15T12:29:08.197+00:00][ERROR][plugins.eventLog] error initializing elasticsearch resources: error creating data stream: illegal_argument_exception
	Root causes:
		illegal_argument_exception: matching index template [ibm_defaults] for data stream [.kibana-event-log-8.10.4] has no data stream template
[2026-01-15T12:29:08.198+00:00][ERROR][plugins.eventLog] initialization failed, events will not be indexed
[2026-01-15T12:35:09.925+00:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"num_host_urls":0}}
[2026-01-15T12:44:00.850+00:00][INFO ][plugins.fleet] Running Fleet Usage telemetry send task
[2026-01-15T12:50:12.871+00:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"num_host_urls":0}}
[2026-01-15T12:54:55.777+00:00][INFO ][status] Kibana is now degraded (was available)
[2026-01-15T12:55:01.263+00:00][INFO ][status] Kibana is now available (was degraded)
[2026-01-15T12:59:44.398+00:00][INFO ][plugins.security.routes] Logging in with provider "basic" (basic)
[2026-01-15T13:05:14.339+00:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"num_host_urls":0}}
[2026-01-15T13:20:17.405+00:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"num_host_urls":0
7

Hi @eparreiras

This is not the correct role for an end user logging into Kibana. That should not be part of any user logging into Kibana, it's only for Kibana's system to connect to Elasticsearch it does not grant access to the Kibana UI / reporting features etc.... take it out, this is what is mostl likely preventing you to log into Kibana correctly.

Then Follow the instruction in the Documentation
Create The Role as show in the documentation.
Then add that New Role to the user.