Kibana login broken after trying to enable reporting. "You do not have permission to access the requested page" message - Need help to fix it

I can say the application section is not valid the way you have it

It should look something like this NOT how you have it.

    "applications": [
      {
        "application": "kibana-.kibana",
        "privileges": [
          "feature_dashboard.generate_report",
          "feature_dashboard.download_csv_report",
          "feature_dashboard.all",
          "feature_discover.generate_report",
          "feature_discover.all",
          "feature_canvas.generate_report",
          "feature_visualize.generate_report",
          "feature_visualize.all"
        ],
        "resources": [
          "*"
        ]
      }
    ],

Also, can you validate the version you are running? "monitor_connector" does not exist in 8.10 as far as I know, so what version are you on?

Also your global is not valid as far as I can tell from the documentation

global
(object) An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges. This field is optional.

global does not support profile nor does it take an array

  "global" : [
    {
      "profile" : {  <<<< THIS IS NOT SUPPORTED An
        "write" : {
          "applications" : [
            "kibana*"
          ]
        }
      }
    },
    {
      "application" : {
        "manage" : {
          "applications" : [
            "kibana-*"
          ]
        }
      }
    }
  ],

Only this works for me

  "global": {
    "application": {
      "manage": {
        "applications": [
          "kibana-*"
        ]
      }
    }
  },

I am not sure if there are differences

Hi @stephenb,

Elasticsearch version is 8.15.

Here is what I got to work in 8.10
Fixed global
Took out cluster privileges monitor_connector
Fixed applications to use the right syntax

I created a user that used this role and was able to get to Kibana Discover, dashboards, etc.

DELETE _security/role/test-role
PUT _security/role/test-role
{
  "cluster": [
    "cancel_task",
    "cluster:admin/analyze",
    "cluster:admin/xpack/monitoring/bulk",
    "cluster:admin/xpack/security/api_key/invalidate",
    "cluster:admin/xpack/security/privilege/builtin/get",
    "cluster:admin/xpack/security/profile/activate",
    "cluster:admin/xpack/security/profile/get",
    "cluster:admin/xpack/security/profile/has_privileges",
    "cluster:admin/xpack/security/profile/suggest",
    "delegate_pki",
    "grant_api_key",
    "manage_enrich",
    "manage_ilm",
    "manage_index_templates",
    "manage_ml",
    "manage_oidc",
    "manage_own_api_key",
    "manage_pipeline",
    "manage_saml",
    "manage_token",
    "manage_transform",
    "monitor",

    "monitor_text_structure",
    "write_fleet_secrets"
  ],
  "global": {
    "application": {
      "manage": {
        "applications": [
          "kibana-*"
        ]
      }
    }
  },
  "indices": [
    {
      "names": [
        ".management-beats"
      ],
      "privileges": [
        "create_index",
        "read",
        "write"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "logs-cloud_security_posture.findings_latest-default*",
        "logs-cloud_security_posture.scores-default*",
        "logs-cloud_security_posture.vulnerabilities_latest-default*"
      ],
      "privileges": [
        "create_index",
        "delete",
        "index",
        "indices:admin/aliases",
        "indices:admin/settings/update",
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "kibana_sample_data_*"
      ],
      "privileges": [
        "create_index",
        "delete_index",
        "index",
        "indices:admin/aliases",
        "indices:admin/settings/update",
        "read",
        "view_index_metadata"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".monitoring-*"
      ],
      "privileges": [
        "read",
        "read_cross_cluster"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "traces-apm-*"
      ],
      "privileges": [
        "read",
        "read_cross_cluster"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".alerts*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "logs-ti_*_latest.*"
      ],
      "privileges": [
        "create_index",
        "delete",
        "delete_index",
        "index",
        "indices:admin/aliases",
        "indices:admin/settings/update",
        "manage",
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".logs-osquery_manager.action.responses-*"
      ],
      "privileges": [
        "auto_configure",
        "create_index",
        "delete",
        "index",
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "metrics-apm.*"
      ],
      "privileges": [
        "read",
        "read_cross_cluster"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "metrics-endpoint.metadata*"
      ],
      "privileges": [
        "read",
        "view_index_metadata"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".items-*",
        ".lists-*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "risk-score.risk-*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".logs-osquery_manager.actions-*"
      ],
      "privileges": [
        "auto_configure",
        "create_index",
        "delete",
        "index",
        "read",
        "write"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "logs-osquery_manager.action.responses-*"
      ],
      "privileges": [
        "read",
        "view_index_metadata"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".logs-endpoint.action.responses-*",
        ".logs-endpoint.actions-*",
        ".logs-endpoint.diagnostic.collection-*",
        ".logs-endpoint.heartbeat-*",
        ".logs-osquery_manager.action.responses-*",
        ".logs-osquery_manager.actions-*",
        "/metrics-.*&~(metrics-endpoint\\.metadata_current_default.*)/",
        "logs-*",
        "logs-osquery_manager.action.responses-*",
        "profiling-*",
        "synthetics-*",
        "traces-*"
      ],
      "privileges": [
        "indices:admin/data_stream/lifecycle/put",
        "indices:admin/mapping/put",
        "indices:admin/rollover",
        "indices:admin/settings/update"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".ml-annotations*",
        ".ml-notifications*"
      ],
      "privileges": [
        "read",
        "write"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "logs-ti_*.*-*"
      ],
      "privileges": [
        "indices:admin/delete",
        "read",
        "view_index_metadata"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".internal.alerts*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "logs-fleet_server*"
      ],
      "privileges": [
        "delete_index",
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "logs-crowdstrike.*",
        "logs-sentinel_one.*"
      ],
      "privileges": [
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "logs-endpoint.events.*"
      ],
      "privileges": [
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "traces-apm.*"
      ],
      "privileges": [
        "read",
        "read_cross_cluster"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "logs-cloud_defend.*",
        "metrics-cloud_defend.*"
      ],
      "privileges": [
        "read",
        "view_index_metadata"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".metrics-endpoint.metadata_current_default*",
        ".metrics-endpoint.metadata_united_default*",
        "metrics-endpoint.metadata_current_default*"
      ],
      "privileges": [
        "create_index",
        "delete_index",
        "index",
        "indices:admin/aliases",
        "indices:admin/settings/update",
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".slo-observability.*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".internal.preview.alerts*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".logs-endpoint.heartbeat-*"
      ],
      "privileges": [
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".logs-endpoint.diagnostic.collection-*",
        "logs-apm-*",
        "logs-apm.*-*",
        "metrics-apm-*",
        "metrics-apm.*-*",
        "synthetics-browser-*",
        "synthetics-browser.network-*",
        "synthetics-browser.screenshot-*",
        "synthetics-http-*",
        "synthetics-icmp-*",
        "synthetics-tcp-*",
        "traces-apm-*",
        "traces-apm.*-*"
      ],
      "privileges": [
        "indices:admin/delete"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "logs-elastic_agent*"
      ],
      "privileges": [
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".logs-endpoint.action.responses-*"
      ],
      "privileges": [
        "auto_configure",
        "read",
        "write"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "*"
      ],
      "privileges": [
        "all",
        "monitor",
        "view_index_metadata"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".elastic-connectors*"
      ],
      "privileges": [
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".siem-signals*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".logs-endpoint.diagnostic.collection-*"
      ],
      "privileges": [
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "apm-*"
      ],
      "privileges": [
        "read",
        "read_cross_cluster"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".ml-anomalies*",
        ".ml-stats-*"
      ],
      "privileges": [
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".asset-criticality.asset-criticality-*"
      ],
      "privileges": [
        "create_index",
        "manage",
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "metrics-logstash.*"
      ],
      "privileges": [
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "logs-cloud_security_posture.findings-*",
        "logs-cloud_security_posture.vulnerabilities-*"
      ],
      "privileges": [
        "read",
        "view_index_metadata"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "metrics-endpoint.metrics-*"
      ],
      "privileges": [
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".logs-endpoint.actions-*"
      ],
      "privileges": [
        "auto_configure",
        "read",
        "write"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".preview.alerts*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "metrics-fleet_server*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "metrics-endpoint.policy-*"
      ],
      "privileges": [
        "read"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "logs-apm.*"
      ],
      "privileges": [
        "read",
        "read_cross_cluster"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        ".fleet-policies-leader*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".fleet-actions*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".fleet-secrets*"
      ],
      "privileges": [
        "create_index",
        "delete",
        "write"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".fleet-agents*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".fleet-servers*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".fleet-fileds*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".fleet-policies*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".fleet-artifacts*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".apm-agent-configuration"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".apm-source-map"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".fleet-filedelivery-meta-*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".fleet-files-*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".apm-custom-link"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".fleet-file-data-*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".kibana*",
        ".reporting-*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".fleet-filedelivery-data-*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    },
    {
      "names": [
        ".fleet-enrollment-api-keys*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": true
    }
  ],
  "applications": [
    {
      "application": "kibana-.kibana",
      "privileges": [
        "feature_dashboard.generate_report",
        "feature_dashboard.download_csv_report",
        "feature_dashboard.all",
        "feature_discover.generate_report",
        "feature_discover.all",
        "feature_canvas.generate_report",
        "feature_visualize.generate_report",
        "feature_visualize.all"
      ],
      "resources": [
        "*"
      ]
    }
  ],
  "run_as": [],
  "remote_indices": [
    {
      "names": [
        "traces-apm-*"
      ],
      "privileges": [
        "read",
        "read_cross_cluster"
      ],
      "allow_restricted_indices": false,
      "clusters": [
        "*"
      ]
    },
    {
      "names": [
        "logs-apm.*"
      ],
      "privileges": [
        "read",
        "read_cross_cluster"
      ],
      "allow_restricted_indices": false,
      "clusters": [
        "*"
      ]
    },
    {
      "names": [
        ".monitoring-*"
      ],
      "privileges": [
        "read",
        "read_cross_cluster"
      ],
      "allow_restricted_indices": false,
      "clusters": [
        "*"
      ]
    },
    {
      "names": [
        "metrics-apm.*"
      ],
      "privileges": [
        "read",
        "read_cross_cluster"
      ],
      "allow_restricted_indices": false,
      "clusters": [
        "*"
      ]
    },
    {
      "names": [
        "traces-apm.*"
      ],
      "privileges": [
        "read",
        "read_cross_cluster"
      ],
      "allow_restricted_indices": false,
      "clusters": [
        "*"
      ]
    },
    {
      "names": [
        "apm-*"
      ],
      "privileges": [
        "read",
        "read_cross_cluster"
      ],
      "allow_restricted_indices": false,
      "clusters": [
        "*"
      ]
    }
  ]
}

Created test user which I logged in with

GET _security/user/testuser
DELETE /_security/user/testuser
POST /_security/user/testuser
{
  "password" : "gooblygook123",
  "roles" : [ "test-role"],
  "full_name" : "Stephen Brown"
}
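The three fixes listed in the post above (object-form `global`, dropping `monitor_connector`, well-formed `applications` entries) can be checked offline before a `PUT _security/role`. The following is an added example, not code from the thread or from Elastic; `lint_role`, `unknown_cluster_privs` and both sample bodies are constructed here, and the rules encode the shape the post reports as working rather than Elasticsearch's own validation.

```python
import json

# Constructed sample with the three problems named in the thread: array-form `global`
# with a `profile` entry, `monitor_connector`, an `applications` entry lacking `resources`.
BROKEN_ROLE = json.loads("""{
  "cluster": ["monitor", "monitor_connector"],
  "global": [
    {"profile": {"write": {"applications": ["kibana*"]}}},
    {"application": {"manage": {"applications": ["kibana-*"]}}}
  ],
  "applications": [
    {"application": "kibana-.kibana", "privileges": ["feature_discover.all"]}
  ]
}""")

# Constructed sample in the shape the post reports as working on 8.10.
FIXED_ROLE = json.loads("""{
  "cluster": ["monitor"],
  "global": {"application": {"manage": {"applications": ["kibana-*"]}}},
  "applications": [
    {"application": "kibana-.kibana", "resources": ["*"],
     "privileges": ["feature_discover.all", "feature_discover.generate_report"]}
  ]
}""")


def _is_str_list(value):
    """True for a non-empty list whose items are all strings."""
    return isinstance(value, list) and bool(value) and all(isinstance(v, str) for v in value)


def lint_role(role, unknown_cluster_privs=frozenset()):
    """Return findings for a role body; an empty list means nothing was flagged."""
    findings = []
    for priv in role.get("cluster", []):
        if priv in unknown_cluster_privs:  # caller supplies names missing on its version
            findings.append(f"cluster: '{priv}' is not known on the target version")
    glob = role.get("global")
    if isinstance(glob, list):
        findings.append("global: expected an object, got an array")
    entries = glob if isinstance(glob, list) else [glob]
    for entry in (e for e in entries if isinstance(e, dict)):
        for key, body in entry.items():
            if key != "application":
                findings.append(f"global.{key}: only 'application' is expected here")
            elif not (isinstance(body, dict)
                      and _is_str_list((body.get("manage") or {}).get("applications"))):
                findings.append("global.application.manage.applications: expected a list of names")
    for i, app in enumerate(role.get("applications", [])):
        if not isinstance(app.get("application"), str):
            findings.append(f"applications[{i}].application: expected a string")
        for field in ("privileges", "resources"):
            if not _is_str_list(app.get(field)):
                findings.append(f"applications[{i}].{field}: expected a non-empty list of strings")
    return findings


if __name__ == "__main__":
    for name, role in (("broken", BROKEN_ROLE), ("fixed", FIXED_ROLE)):
        print(name, lint_role(role, unknown_cluster_privs={"monitor_connector"}))
```

The set passed as `unknown_cluster_privs` reflects the post's statement about 8.10; supply whatever names your own version rejects.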

From your first post...

From last post

Are you running mismatched versions? If so that is not a good thing....

In fact that could be a problem because the privileges may not be defined the same way between the versions

Read my recent posts
I showed proper applications section for 8.10... I'll need to double check on 8.15...

You definitely should not be running different versions of Kibana and elasticsearch

Your global does not work on any of my clusters as array or profiles is not supported so I can not help with that... perhaps that is a custom version of elastic

I showed you what worked for me above... perhaps start with that... I will check back later

Hi Sameena,

That sounds frustrating! If you can’t access DevTools or if none of the users are working, there might be a deeper issue with the setup or permissions.

Here are a couple of things to check:

  1. Check Permissions: Ensure that the users have the right permissions to access the features you need.

  2. Browser Issues: Sometimes, browser extensions or issues with the cache can interfere. Try using an incognito window or clearing the cache.

  3. Console Errors: If you have access to the console via another method (e.g., a different device or temporary login), look for any errors that could point to the problem.

Let me know if any of these help or if you need further troubleshooting steps!