I'm using ELK 7.3, I am trying to setup Kibana, in particular setup native Kibana realm so different users have different permission/privileges for a particular Kibana space, for purposes of illustration let's call the space
myspace. I require three different types of roles which I've created:
dashboardonly user role
- A user with
read onlyaccess to the artifacts in the space (with particular feature privileges enabled in read only discover, dashboards)
- A user with space
adminaccess to all artifacts in the space (with all feature privileges enabled)
myspace space has associated
myspace-* indexes and associated visualisations, dashboards and index patterns
- I can successfully login to Kibana as expected as user with role #1 and #3 as described above, and everything is sweet, but attempting to login with user #2 fails..
- Attempting to login as user with read only access fails (#2 above) is failing
- Kibana attempts to access the space, throws an error on the UI (as shown below), reattempts to re-login and repeats the pattern over and over again. The following is the browser output I receive on login attempt:
Something went wrong Try refreshing the page. If that doesn't work, go back to the previous page or clear your session data. [$rootScope:infdig] 10 $digest() iterations reached. Aborting! Watchers fired in the last 5 iterations:  https://errors.angularjs.org/1.7.9-local+sha.ca61b0e84/$rootScope/infdig?p0=10&p1=%5B%5D Version: 7.3.0 Build: 25250 Error: [$rootScope:infdig] 10 $digest() iterations reached. Aborting! Watchers fired in the last 5 iterations:  https://errors.angularjs.org/1.7.9-local+sha.ca61b0e84/$rootScope/infdig?p0=10&p1=%5B%5D at https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:1181 at Scope.$digest (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:211677) at Scope.$apply (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:213504) at bootstrapApply (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:17480) at Object.invoke (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:53311) at doBootstrap (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:17359) at Object.bootstrap (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:17868) at Object.chrome.bootstrap (https://xxxx/kibana/bundles/commons.bundle.js:3:1846908) at LegacyPlatformService.start (https://xxxx/kibana/bundles/commons.bundle.js:3:1842907) at CoreSystem._callee2$ (https://xxxx/kibana/bundles/commons.bundle.js:3:1839477) Note: I've redacted the host info above
- The only way to get out of the continual Kibana login attempt loop is is to clear the browser session, as the error message suggests.
- Apart from the browser console error there is no evident output in kibana/elasticsearch verbose logs
- It's difficult to debug - there are no specific errors stack traces in kibana logs other than what appears in browser console.
- Am I missing something simple here ?
- Has anyone come across this before (or something similar) ?
- Is there something the matter with the configuration I'm using (I've added further information given below) ?
- Is there additional configuration I need to setup which I have overlooked/missed ?
A summary of the Kibana setup is shown below:
|username||rolename||index privileges||space privileges||other comments|
|myspace_dashboard_user||myspace_dashboard_role||my-space index read privileges||myspace space read privileges to dashboard feature||This is working as expected for me|
|myspace_user||myspace_user_role||my-space index read privileges||myspace space read only privileges to a subset of features||This is where I hit the Kibana error and repeated login issue|
|myspace_admin||mysspace_admin_role||my-space index all privileges||myspace space all privileges to all features||This also works as expected|
Thanks in advance for your time and any help/advice you can offer me.