Hi there,
After trying to enable reporting in Kibana following the document below:
I am not able to login into Kibana anymore.
I am using a Kibana 8.10.4 container version.
The Elasticsearch is a IBM Cloud managed version.
I am able to run queries in Elasticsearch from CLI like using the same user, but somehow it messed up with Kibana permissions.
Any ideas to fix that?
Thanks in advance.
Hello @eparreiras
Welcome to the community!!
Could you please share the username with which you are trying to access Kibana?
Also, if possible, please share the kibana.yml file with all sensitive values (like node addresses, usernames, and passwords) hashed or obfuscated."
Similar post :
Thanks!!
Hi Tortoise,
I am using the user ibm_cloud, created as service credentials in IBM Cloud. It was working before.
Here is the current kibana.yml:
apiVersion: v1
kind: ConfigMap
metadata:
name: kibana-yml
namespace: monitoring
uid: 6c2b4fd6-f960-4113-9051-3b68665b89e8
resourceVersion: "37847570"
creationTimestamp: "2025-07-02T20:32:40Z"
annotations:
freelens.app/resource-version: v1
[kubectl.kubernetes.io/last-applied-configuration:](http://kubectl.kubernetes.io/last-applied-configuration:) >
{"apiVersion":"v1","data":{"kibana.yml":"elasticsearch.ssl.certificateAuthorities:
"/usr/share/kibana/config/cacert/cacert"\nelasticsearch.username:
"redacted"\nelasticsearch.password:
"redacted"\nelasticsearch.hosts:
["redacted"]\nserver.name:
"kibana"\nserver.host: "0.0.0.0"\nserver.basePath:
"/kibana"\nserver.rewriteBasePath:
true"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"kibana-yml","namespace":"monitoring"}}
selfLink: /api/v1/namespaces/monitoring/configmaps/kibana-yml
data:
kibana.yml: >-
elasticsearch.ssl.certificateAuthorities:
"/usr/share/kibana/config/cacert/kibana-ca.crt"
elasticsearch.username: "redacted"
elasticsearch.password: "redacted"
elasticsearch.hosts:
["redacted"]
server.name: "kibana"
server.host: "0.0.0.0"
server.basePath: "/kibana"
server.rewriteBasePath: true
Hello @eparreiras
In order to investigate i think below points can be reviewed :
elastic superuser is successful, please verify the roles assigned to the ibm_cloud user (either via the Kibana UI or using the Elasticsearch security APIs).Error :
Thanks!!
This is what I see when checking the user permissions:
GET https://7fc43ac1-7502-4435-9831-7c2c6d67cf59.c38qvnlz04atmdpus310.private.databases.appdomain.cloud:31969/_security/_authenticate?pretty
{
"username" : "admin",
"roles" : [
"ibm_superuser",
"kibana_system"
],
"full_name" : null,
"email" : null,
"metadata" : { },
"enabled" : true,
"authentication_realm" : {
"name" : "native1",
"type" : "native"
},
"lookup_realm" : {
"name" : "native1",
"type" : "native"
},
"authentication_type" : "realm"
}
Even with the admin/elastic user, I get the same problem.
This is what I see at Kibana logs
[2026-01-15T12:28:16.880+00:00][INFO ][plugins.synthetics] Installed synthetics index templates
[2026-01-15T12:28:17.931+00:00][INFO ][plugins.eventLog] Creating datastream .kibana-event-log-8.10.4
[2026-01-15T12:28:17.943+00:00][WARN ][plugins.eventLog] eventLog initialization operation failed and will be retried: createDataStreamIfNotExists; 3 more times; error: error creating data stream: illegal_argument_exception
Root causes:
illegal_argument_exception: matching index template [ibm_defaults] for data stream [.kibana-event-log-8.10.4] has no data stream template
[2026-01-15T12:28:18.349+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/node_modules/@kbn/screenshotting-plugin/chromium/headless_shell-linux_x64/headless_shell
Root causes:
illegal_argument_exception: matching index template [ibm_defaults] for data stream [.kibana-event-log-8.10.4] has no data stream template
[2026-01-15T12:29:08.197+00:00][ERROR][plugins.eventLog] error initializing elasticsearch resources: error creating data stream: illegal_argument_exception
Root causes:
illegal_argument_exception: matching index template [ibm_defaults] for data stream [.kibana-event-log-8.10.4] has no data stream template
[2026-01-15T12:29:08.198+00:00][ERROR][plugins.eventLog] initialization failed, events will not be indexed
[2026-01-15T12:35:09.925+00:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"num_host_urls":0}}
[2026-01-15T12:44:00.850+00:00][INFO ][plugins.fleet] Running Fleet Usage telemetry send task
[2026-01-15T12:50:12.871+00:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"num_host_urls":0}}
[2026-01-15T12:54:55.777+00:00][INFO ][status] Kibana is now degraded (was available)
[2026-01-15T12:55:01.263+00:00][INFO ][status] Kibana is now available (was degraded)
[2026-01-15T12:59:44.398+00:00][INFO ][plugins.security.routes] Logging in with provider "basic" (basic)
[2026-01-15T13:05:14.339+00:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"num_host_urls":0}}
[2026-01-15T13:20:17.405+00:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"num_host_urls":0
Hi @eparreiras
This is not the correct role for an end user logging into Kibana. That should not be part of any user logging into Kibana, it's only for Kibana's system to connect to Elasticsearch it does not grant access to the Kibana UI / reporting features etc.... take it out, this is what is mostl likely preventing you to log into Kibana correctly.
Then Follow the instruction in the Documentation
Create The Role as show in the documentation.
Then add that New Role to the user.
Hey Stephen,
Thanks for your reply.
Is that the cause of the issue?
It's using a IBM Cloud Elasticsearch instance.
It seems I don't have privileges to change that.
This is the current permissions set. I am not able to see anything wrong.
{
"cluster" : [
"cancel_task",
"cluster:admin/analyze",
"cluster:admin/xpack/monitoring/bulk",
"cluster:admin/xpack/security/api_key/invalidate",
"cluster:admin/xpack/security/privilege/builtin/get",
"cluster:admin/xpack/security/profile/activate",
"cluster:admin/xpack/security/profile/get",
"cluster:admin/xpack/security/profile/has_privileges",
"cluster:admin/xpack/security/profile/suggest",
"delegate_pki",
"grant_api_key",
"manage_enrich",
"manage_ilm",
"manage_index_templates",
"manage_ml",
"manage_oidc",
"manage_own_api_key",
"manage_pipeline",
"manage_saml",
"manage_token",
"manage_transform",
"monitor",
"monitor_connector",
"monitor_text_structure",
"write_fleet_secrets"
],
"global" : [
{
"profile" : {
"write" : {
"applications" : [
"kibana*"
]
}
}
},
{
"application" : {
"manage" : {
"applications" : [
"kibana-*"
]
}
}
}
],
"indices" : [
{
"names" : [
".management-beats"
],
"privileges" : [
"create_index",
"read",
"write"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-cloud_security_posture.findings_latest-default*",
"logs-cloud_security_posture.scores-default*",
"logs-cloud_security_posture.vulnerabilities_latest-default*"
],
"privileges" : [
"create_index",
"delete",
"index",
"indices:admin/aliases",
"indices:admin/settings/update",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"kibana_sample_data_*"
],
"privileges" : [
"create_index",
"delete_index",
"index",
"indices:admin/aliases",
"indices:admin/settings/update",
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".monitoring-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
"traces-apm-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
".alerts*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-ti_*_latest.*"
],
"privileges" : [
"create_index",
"delete",
"delete_index",
"index",
"indices:admin/aliases",
"indices:admin/settings/update",
"manage",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-osquery_manager.action.responses-*"
],
"privileges" : [
"auto_configure",
"create_index",
"delete",
"index",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-endpoint.metadata*"
],
"privileges" : [
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".items-*",
".lists-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
"risk-score.risk-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-osquery_manager.actions-*"
],
"privileges" : [
"auto_configure",
"create_index",
"delete",
"index",
"read",
"write"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-osquery_manager.action.responses-*"
],
"privileges" : [
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.action.responses-*",
".logs-endpoint.actions-*",
".logs-endpoint.diagnostic.collection-*",
".logs-endpoint.heartbeat-*",
".logs-osquery_manager.action.responses-*",
".logs-osquery_manager.actions-*",
"/metrics-.*&~(metrics-endpoint\\.metadata_current_default.*)/",
"logs-*",
"logs-osquery_manager.action.responses-*",
"profiling-*",
"synthetics-*",
"traces-*"
],
"privileges" : [
"indices:admin/data_stream/lifecycle/put",
"indices:admin/mapping/put",
"indices:admin/rollover",
"indices:admin/settings/update"
],
"allow_restricted_indices" : false
},
{
"names" : [
".ml-annotations*",
".ml-notifications*"
],
"privileges" : [
"read",
"write"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-ti_*.*-*"
],
"privileges" : [
"indices:admin/delete",
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".internal.alerts*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-fleet_server*"
],
"privileges" : [
"delete_index",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-crowdstrike.*",
"logs-sentinel_one.*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-endpoint.events.*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"traces-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-cloud_defend.*",
"metrics-cloud_defend.*"
],
"privileges" : [
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".metrics-endpoint.metadata_current_default*",
".metrics-endpoint.metadata_united_default*",
"metrics-endpoint.metadata_current_default*"
],
"privileges" : [
"create_index",
"delete_index",
"index",
"indices:admin/aliases",
"indices:admin/settings/update",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".slo-observability.*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
".internal.preview.alerts*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.heartbeat-*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.diagnostic.collection-*",
"logs-apm-*",
"logs-apm.*-*",
"metrics-apm-*",
"metrics-apm.*-*",
"synthetics-browser-*",
"synthetics-browser.network-*",
"synthetics-browser.screenshot-*",
"synthetics-http-*",
"synthetics-icmp-*",
"synthetics-tcp-*",
"traces-apm-*",
"traces-apm.*-*"
],
"privileges" : [
"indices:admin/delete"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-elastic_agent*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.action.responses-*"
],
"privileges" : [
"auto_configure",
"read",
"write"
],
"allow_restricted_indices" : false
},
{
"names" : [
"*"
],
"privileges" : [
"all",
"monitor",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".elastic-connectors*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".siem-signals*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.diagnostic.collection-*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"apm-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
".ml-anomalies*",
".ml-stats-*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".asset-criticality.asset-criticality-*"
],
"privileges" : [
"create_index",
"manage",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-logstash.*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-cloud_security_posture.findings-*",
"logs-cloud_security_posture.vulnerabilities-*"
],
"privileges" : [
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-endpoint.metrics-*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.actions-*"
],
"privileges" : [
"auto_configure",
"read",
"write"
],
"allow_restricted_indices" : false
},
{
"names" : [
".preview.alerts*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-fleet_server*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-endpoint.policy-*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
".fleet-policies-leader*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-actions*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-secrets*"
],
"privileges" : [
"create_index",
"delete",
"write"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-agents*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-servers*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-fileds*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-policies*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-artifacts*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".apm-agent-configuration"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".apm-source-map"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-filedelivery-meta-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-files-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".apm-custom-link"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-file-data-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".kibana*",
".reporting-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-filedelivery-data-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-enrollment-api-keys*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
}
],
"applications" : [
{
"application" : "kibana-.kibana",
"privileges" : [
"visualize_all",
"reporting_generate",
"discover_all",
"dashboard_all"
],
"resources" : [
"*"
]
}
],
"run_as" : [ ],
"remote_indices" : [
{
"names" : [
"traces-apm-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
},
{
"names" : [
"logs-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
},
{
"names" : [
".monitoring-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
},
{
"names" : [
"metrics-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
},
{
"names" : [
"traces-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
},
{
"names" : [
"apm-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
}
]
}
Do you?
This ^^^ is not correct... BTW When I used what you originally had I got the same results
it should look something like this (NOTE NOT COMPLETE)
PUT kbn:/api/security/role/custom_reporting_user
{
"elasticsearch": {
"cluster": [],
"indices": [],
"run_as": []
},
"kibana": [
{
"spaces": [
"*"
],
"base": [],
"feature": {
"dashboard": [
"generate_report",
"download_csv_report",
"all"
],
"discover": [
"generate_report",
"all"
],
"canvas": [
"generate_report"
],
"visualize": [
"generate_report",
"all"
]
}
}
]
}
The feature names etc are not an exact mapping between what you put in via Kibana API and the direct Elastic API ... so I suggest putting them via Kibana API as the document suggests, then GET them via Elastic API so you can see the translation then set them correctly via the Elastic API if needed.
Confusing but I hope that helps
If you run these 2 commands I think you will see the difference
GET kbn:/api/security/role/custom_reporting_user
GET _security/role/custom_reporting_user
Which results in the Elastic privileges below so the section would look something like this
{
"custom_reporting_user": {
"cluster": [],
"indices": [],
"applications": [
{
"application": "kibana-.kibana",
"privileges": [
"feature_dashboard.generate_report", <<< SEE HERE
"feature_dashboard.download_csv_report",
"feature_dashboard.all",
"feature_discover.generate_report",
"feature_discover.all",
"feature_canvas.generate_report",
"feature_visualize.generate_report",
"feature_visualize.all"
],
"resources": [
"*"
]
}
],
"run_as": [],
"metadata": {},
"transient_metadata": {
"enabled": true
}
}
}
Hi Stephen,
For some reason I am not able to run those commands. I am getting 403:
GET /kibana/api/security/role/custom_reporting_user
{
"statusCode": 403,
"error": "Forbidden",
"message": "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: action [cluster:admin/xpack/security/role/get] is unauthorized for user [admin] with effective roles [ibm_superuser,kibana_system], this action is granted by the cluster privileges [read_security,manage_security,all]]: action [cluster:admin/xpack/security/role/get] is unauthorized for user [admin] with effective roles [ibm_superuser,kibana_system], this action is granted by the cluster privileges [read_security,manage_security,all]"
}
curl -k -u admin -X GET "https://7fc43ac1d:31969/_security/role/custom_reporting_user?pretty"ivate.databases.appdomain.cloud
Enter host password for user 'admin':
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "action [cluster:admin/xpack/security/role/get] is unauthorized for user [admin] with effective roles [ibm_superuser,kibana_system], this action is granted by the cluster privileges [read_security,manage_security,all]"
}
],
"type" : "security_exception",
"reason" : "action [cluster:admin/xpack/security/role/get] is unauthorized for user [admin] with effective roles [ibm_superuser,kibana_system], this action is granted by the cluster privileges [read_security,manage_security,all]"
},
"status" : 403
}
It is an IBM managed Elasticsearch instance and it seems I don't have the permissions even to check that.
Thoughts?
That is Not Correct In Kibana Dev Console
GET kbn:/api/security/role/custom_reporting_user
^^^^^^^^
There are different APIs for Kibana and Elasticsearch
Elasticsearch APIs - Run against Elastic endpoint
Kibana APIs - Run These agains Kibana Endpoint or in Dev Tools with prefix kbn:/
What I would do is get back to a user that works and work from the Kibana Dev Tools
I really can't help with all the roles issues... the point is
You are setting things like
"applications" : [
{
"application" : "kibana-.kibana",
"privileges" : [
"visualize_all",
"reporting_generate",
"discover_all",
"dashboard_all"
],
"resources" : [
"*"
]
}
],
When they should look like
"indices": [],
"applications": [
{
"application": "kibana-.kibana",
"privileges": [
"feature_dashboard.generate_report", <<< SEE HERE
"feature_dashboard.download_csv_report",
"feature_dashboard.all",
"feature_discover.generate_report",
"feature_discover.all",
"feature_canvas.generate_report",
"feature_visualize.generate_report",
"feature_visualize.all"
],
"resources": [
"*"
]
}
],
Hi Stephen,
I see.
But unfortunately none of the users are working.
I can't even access DevTools.
So use the Elasticsearch API and reset the Kibana Privileges on your normal user...
You had privileges to change at some point... right
So use the Elastic API to set the role
change back to
"applications": [
{
"application": "*",
"privileges": [
"*"
],
"resources": [
"*"
]
}
],
Then you will be able to get back into kibana
Hi Stephen,
For some reason, I am not able to do that.
I am getting 403 even with the admin user.
Hi @eparreiras If you would like further help, you will need to be much clearer and more precise.
I do not know what "that" is, I do not know what the "admin" user is, and without details of the command and exact output I can not help 
I have lost track of what you are currently trying to accomplish... get back into Kibana or create a reporting role both... neither?
So let's back up, what are you trying to accomplish at this time?
Start by showing what the current privileges of the current admin
Please show the command and full output.
curl -k -u admin:<password> https://<esendpoint>:<port>/_security/user/_privileges
Hi Stephen,
Sorry for the confusion.
Yes, we are trying to get back into Kibana.
This is the output:
{
"cluster" : [
"cancel_task",
"cluster:admin/analyze",
"cluster:admin/xpack/monitoring/bulk",
"cluster:admin/xpack/security/api_key/invalidate",
"cluster:admin/xpack/security/privilege/builtin/get",
"cluster:admin/xpack/security/profile/activate",
"cluster:admin/xpack/security/profile/get",
"cluster:admin/xpack/security/profile/has_privileges",
"cluster:admin/xpack/security/profile/suggest",
"delegate_pki",
"grant_api_key",
"manage_enrich",
"manage_ilm",
"manage_index_templates",
"manage_ml",
"manage_oidc",
"manage_own_api_key",
"manage_pipeline",
"manage_saml",
"manage_token",
"manage_transform",
"monitor",
"monitor_connector",
"monitor_text_structure",
"write_fleet_secrets"
],
"global" : [
{
"profile" : {
"write" : {
"applications" : [
"kibana*"
]
}
}
},
{
"application" : {
"manage" : {
"applications" : [
"kibana-*"
]
}
}
}
],
"indices" : [
{
"names" : [
".management-beats"
],
"privileges" : [
"create_index",
"read",
"write"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-cloud_security_posture.findings_latest-default*",
"logs-cloud_security_posture.scores-default*",
"logs-cloud_security_posture.vulnerabilities_latest-default*"
],
"privileges" : [
"create_index",
"delete",
"index",
"indices:admin/aliases",
"indices:admin/settings/update",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"kibana_sample_data_*"
],
"privileges" : [
"create_index",
"delete_index",
"index",
"indices:admin/aliases",
"indices:admin/settings/update",
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".monitoring-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
"traces-apm-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
".alerts*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-ti_*_latest.*"
],
"privileges" : [
"create_index",
"delete",
"delete_index",
"index",
"indices:admin/aliases",
"indices:admin/settings/update",
"manage",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-osquery_manager.action.responses-*"
],
"privileges" : [
"auto_configure",
"create_index",
"delete",
"index",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-endpoint.metadata*"
],
"privileges" : [
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".items-*",
".lists-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
"risk-score.risk-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-osquery_manager.actions-*"
],
"privileges" : [
"auto_configure",
"create_index",
"delete",
"index",
"read",
"write"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-osquery_manager.action.responses-*"
],
"privileges" : [
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.action.responses-*",
".logs-endpoint.actions-*",
".logs-endpoint.diagnostic.collection-*",
".logs-endpoint.heartbeat-*",
".logs-osquery_manager.action.responses-*",
".logs-osquery_manager.actions-*",
"/metrics-.*&~(metrics-endpoint\\.metadata_current_default.*)/",
"logs-*",
"logs-osquery_manager.action.responses-*",
"profiling-*",
"synthetics-*",
"traces-*"
],
"privileges" : [
"indices:admin/data_stream/lifecycle/put",
"indices:admin/mapping/put",
"indices:admin/rollover",
"indices:admin/settings/update"
],
"allow_restricted_indices" : false
},
{
"names" : [
".ml-annotations*",
".ml-notifications*"
],
"privileges" : [
"read",
"write"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-ti_*.*-*"
],
"privileges" : [
"indices:admin/delete",
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".internal.alerts*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-fleet_server*"
],
"privileges" : [
"delete_index",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-crowdstrike.*",
"logs-sentinel_one.*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-endpoint.events.*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"traces-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-cloud_defend.*",
"metrics-cloud_defend.*"
],
"privileges" : [
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".metrics-endpoint.metadata_current_default*",
".metrics-endpoint.metadata_united_default*",
"metrics-endpoint.metadata_current_default*"
],
"privileges" : [
"create_index",
"delete_index",
"index",
"indices:admin/aliases",
"indices:admin/settings/update",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".slo-observability.*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
".internal.preview.alerts*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.heartbeat-*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.diagnostic.collection-*",
"logs-apm-*",
"logs-apm.*-*",
"metrics-apm-*",
"metrics-apm.*-*",
"synthetics-browser-*",
"synthetics-browser.network-*",
"synthetics-browser.screenshot-*",
"synthetics-http-*",
"synthetics-icmp-*",
"synthetics-tcp-*",
"traces-apm-*",
"traces-apm.*-*"
],
"privileges" : [
"indices:admin/delete"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-elastic_agent*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.action.responses-*"
],
"privileges" : [
"auto_configure",
"read",
"write"
],
"allow_restricted_indices" : false
},
{
"names" : [
"*"
],
"privileges" : [
"all",
"monitor",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".elastic-connectors*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".siem-signals*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.diagnostic.collection-*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"apm-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
".ml-anomalies*",
".ml-stats-*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".asset-criticality.asset-criticality-*"
],
"privileges" : [
"create_index",
"manage",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-logstash.*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-cloud_security_posture.findings-*",
"logs-cloud_security_posture.vulnerabilities-*"
],
"privileges" : [
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-endpoint.metrics-*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.actions-*"
],
"privileges" : [
"auto_configure",
"read",
"write"
],
"allow_restricted_indices" : false
},
{
"names" : [
".preview.alerts*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-fleet_server*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-endpoint.policy-*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
".fleet-policies-leader*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-actions*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-secrets*"
],
"privileges" : [
"create_index",
"delete",
"write"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-agents*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-servers*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-fileds*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-policies*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-artifacts*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".apm-agent-configuration"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".apm-source-map"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-filedelivery-meta-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-files-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".apm-custom-link"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-file-data-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".kibana*",
".reporting-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-filedelivery-data-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-enrollment-api-keys*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
}
],
"applications" : [
{
"application" : "kibana-.kibana",
"privileges" : [
"visualize_all",
"reporting_generate",
"discover_all",
"dashboard_all"
],
"resources" : [
"*"
]
}
],
"run_as" : [ ],
"remote_indices" : [
{
"names" : [
"traces-apm-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
},
{
"names" : [
"logs-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
},
{
"names" : [
".monitoring-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
},
{
"names" : [
"metrics-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
},
{
"names" : [
"traces-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
},
{
"names" : [
"apm-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
}
]
}
Hi @eparreiras
Of what? Missing exactly what I asked for.
That's the output of exactly which command for which user? Which role... You seem to have the context in your head of what you're doing but not sharing with me... Which makes it nearly impossible to actually help.
Please always show the command plus the full output Plus any context Otherwise there's confusion.
Trying to help... Being precise will help
Are you trying to change the role of the user that you're trying to change the role?
Role in other words, if you have an admin user with admin role ...
Are you using that admin user to try to change its own admin role... If so, that's not a good idea... You can only decrease privileges if you're doing that...
Hi @stephenb,
This is the full output for the command you asked:
kibana@kibana-65587cd7b6-qb6tm:~$ curl -k -u admin https://7fc43ac1-7502-4435-9831-7c2c6d67cf59.c38qvnlz04atmdpus310.private.databases.appdomain.cloud:31969/_security/user/_privileges?pretty
Enter host password for user 'admin':
{
"cluster" : [
"cancel_task",
"cluster:admin/analyze",
"cluster:admin/xpack/monitoring/bulk",
"cluster:admin/xpack/security/api_key/invalidate",
"cluster:admin/xpack/security/privilege/builtin/get",
"cluster:admin/xpack/security/profile/activate",
"cluster:admin/xpack/security/profile/get",
"cluster:admin/xpack/security/profile/has_privileges",
"cluster:admin/xpack/security/profile/suggest",
"delegate_pki",
"grant_api_key",
"manage_enrich",
"manage_ilm",
"manage_index_templates",
"manage_ml",
"manage_oidc",
"manage_own_api_key",
"manage_pipeline",
"manage_saml",
"manage_token",
"manage_transform",
"monitor",
"monitor_connector",
"monitor_text_structure",
"write_fleet_secrets"
],
"global" : [
{
"profile" : {
"write" : {
"applications" : [
"kibana*"
]
}
}
},
{
"application" : {
"manage" : {
"applications" : [
"kibana-*"
]
}
}
}
],
"indices" : [
{
"names" : [
".management-beats"
],
"privileges" : [
"create_index",
"read",
"write"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-cloud_security_posture.findings_latest-default*",
"logs-cloud_security_posture.scores-default*",
"logs-cloud_security_posture.vulnerabilities_latest-default*"
],
"privileges" : [
"create_index",
"delete",
"index",
"indices:admin/aliases",
"indices:admin/settings/update",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"kibana_sample_data_*"
],
"privileges" : [
"create_index",
"delete_index",
"index",
"indices:admin/aliases",
"indices:admin/settings/update",
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".monitoring-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
"traces-apm-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
".alerts*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-ti_*_latest.*"
],
"privileges" : [
"create_index",
"delete",
"delete_index",
"index",
"indices:admin/aliases",
"indices:admin/settings/update",
"manage",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-osquery_manager.action.responses-*"
],
"privileges" : [
"auto_configure",
"create_index",
"delete",
"index",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-endpoint.metadata*"
],
"privileges" : [
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".items-*",
".lists-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
"risk-score.risk-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-osquery_manager.actions-*"
],
"privileges" : [
"auto_configure",
"create_index",
"delete",
"index",
"read",
"write"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-osquery_manager.action.responses-*"
],
"privileges" : [
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.action.responses-*",
".logs-endpoint.actions-*",
".logs-endpoint.diagnostic.collection-*",
".logs-endpoint.heartbeat-*",
".logs-osquery_manager.action.responses-*",
".logs-osquery_manager.actions-*",
"/metrics-.*&~(metrics-endpoint\\.metadata_current_default.*)/",
"logs-*",
"logs-osquery_manager.action.responses-*",
"profiling-*",
"synthetics-*",
"traces-*"
],
"privileges" : [
"indices:admin/data_stream/lifecycle/put",
"indices:admin/mapping/put",
"indices:admin/rollover",
"indices:admin/settings/update"
],
"allow_restricted_indices" : false
},
{
"names" : [
".ml-annotations*",
".ml-notifications*"
],
"privileges" : [
"read",
"write"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-ti_*.*-*"
],
"privileges" : [
"indices:admin/delete",
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".internal.alerts*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-fleet_server*"
],
"privileges" : [
"delete_index",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-crowdstrike.*",
"logs-sentinel_one.*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-endpoint.events.*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"traces-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-cloud_defend.*",
"metrics-cloud_defend.*"
],
"privileges" : [
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".metrics-endpoint.metadata_current_default*",
".metrics-endpoint.metadata_united_default*",
"metrics-endpoint.metadata_current_default*"
],
"privileges" : [
"create_index",
"delete_index",
"index",
"indices:admin/aliases",
"indices:admin/settings/update",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".slo-observability.*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
".internal.preview.alerts*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.heartbeat-*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.diagnostic.collection-*",
"logs-apm-*",
"logs-apm.*-*",
"metrics-apm-*",
"metrics-apm.*-*",
"synthetics-browser-*",
"synthetics-browser.network-*",
"synthetics-browser.screenshot-*",
"synthetics-http-*",
"synthetics-icmp-*",
"synthetics-tcp-*",
"traces-apm-*",
"traces-apm.*-*"
],
"privileges" : [
"indices:admin/delete"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-elastic_agent*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.action.responses-*"
],
"privileges" : [
"auto_configure",
"read",
"write"
],
"allow_restricted_indices" : false
},
{
"names" : [
"*"
],
"privileges" : [
"all",
"monitor",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
".elastic-connectors*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".siem-signals*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.diagnostic.collection-*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"apm-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
".ml-anomalies*",
".ml-stats-*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".asset-criticality.asset-criticality-*"
],
"privileges" : [
"create_index",
"manage",
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-logstash.*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-cloud_security_posture.findings-*",
"logs-cloud_security_posture.vulnerabilities-*"
],
"privileges" : [
"read",
"view_index_metadata"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-endpoint.metrics-*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
".logs-endpoint.actions-*"
],
"privileges" : [
"auto_configure",
"read",
"write"
],
"allow_restricted_indices" : false
},
{
"names" : [
".preview.alerts*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-fleet_server*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : false
},
{
"names" : [
"metrics-endpoint.policy-*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
},
{
"names" : [
"logs-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false
},
{
"names" : [
".fleet-policies-leader*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-actions*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-secrets*"
],
"privileges" : [
"create_index",
"delete",
"write"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-agents*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-servers*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-fileds*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-policies*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-artifacts*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".apm-agent-configuration"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".apm-source-map"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-filedelivery-meta-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-files-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".apm-custom-link"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-file-data-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".kibana*",
".reporting-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-filedelivery-data-*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
},
{
"names" : [
".fleet-enrollment-api-keys*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
}
],
"applications" : [
{
"application" : "kibana-.kibana",
"privileges" : [
"visualize_all",
"reporting_generate",
"discover_all",
"dashboard_all"
],
"resources" : [
"*"
]
}
],
"run_as" : [ ],
"remote_indices" : [
{
"names" : [
"traces-apm-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
},
{
"names" : [
"logs-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
},
{
"names" : [
".monitoring-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
},
{
"names" : [
"metrics-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
},
{
"names" : [
"traces-apm.*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
},
{
"names" : [
"apm-*"
],
"privileges" : [
"read",
"read_cross_cluster"
],
"allow_restricted_indices" : false,
"clusters" : [
"*"
]
}
]
}
I am only trying to get into Kibana.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.