Kibana Space Role Configuration, please help!

Hi folks,

I'm using ELK 7.3 and I am trying to set up Kibana, in particular to set up the native Kibana realm so different users have different permissions/privileges for a particular Kibana space; for purposes of illustration let's call the space myspace. I require three different types of roles, which I've created:

  1. A dashboard only user role
  2. A user with read only access to the artifacts in the space (with particular feature privileges enabled in read only discover, dashboards)
  3. A user with space admin access to all artifacts in the space (with all feature privileges enabled)

The myspace space has associated myspace-* indexes and associated visualisations, dashboards and index patterns.

  • I can successfully log in to Kibana as expected as user with role #1 and #3 as described above, and everything is sweet, but attempting to log in with user #2 fails.

Issue

  • Attempting to log in as the user with read only access (#2 above) is failing
  • Kibana attempts to access the space, throws an error on the UI (as shown below), reattempts to re-login and repeats the pattern over and over again. The following is the browser output I receive on login attempt:
Something went wrong
Try refreshing the page. If that doesn't work, go back to the previous page or clear your session data.

[$rootScope:infdig] 10 $digest() iterations reached. Aborting! Watchers fired in the last 5 iterations: [] https://errors.angularjs.org/1.7.9-local+sha.ca61b0e84/$rootScope/infdig?p0=10&p1=%5B%5D
Version: 7.3.0
Build: 25250
Error: [$rootScope:infdig] 10 $digest() iterations reached. Aborting!
Watchers fired in the last 5 iterations: []
https://errors.angularjs.org/1.7.9-local+sha.ca61b0e84/$rootScope/infdig?p0=10&p1=%5B%5D
    at https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:1181
    at Scope.$digest (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:211677)
    at Scope.$apply (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:213504)
    at bootstrapApply (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:17480)
    at Object.invoke (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:53311)
    at doBootstrap (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:17359)
    at Object.bootstrap (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:17868)
    at Object.chrome.bootstrap (https://xxxx/kibana/bundles/commons.bundle.js:3:1846908)
    at LegacyPlatformService.start (https://xxxx/kibana/bundles/commons.bundle.js:3:1842907)
    at CoreSystem._callee2$ (https://xxxx/kibana/bundles/commons.bundle.js:3:1839477)

Note: I've redacted the host info above

Observations

  • The only way to get out of the continual Kibana login attempt loop is to clear the browser session, as the error message suggests.
  • Apart from the browser console error there is no evident output in kibana/elasticsearch verbose logs
  • It's difficult to debug - there are no specific error stack traces in kibana logs other than what appears in browser console.

Questions

  • Am I missing something simple here?
  • Has anyone come across this before (or something similar)?
  • Is there something the matter with the configuration I'm using (I've added further information given below)?
  • Is there additional configuration I need to set up which I have overlooked/missed?

Further information

A summary of the Kibana setup is shown below:

| username | rolename | index privileges | space privileges | other comments |
|---|---|---|---|---|
| myspace_dashboard_user | myspace_dashboard_role | my-space index read privileges | myspace space read privileges to dashboard feature | This is working as expected for me |
| myspace_user | myspace_user_role | my-space index read privileges | myspace space read only privileges to a subset of features | This is where I hit the Kibana error and repeated login issue |
| myspace_admin | mysspace_admin_role | my-space index all privileges | myspace space all privileges to all features | This also works as expected |

Thanks in advance for your time and any help/advice you can offer me.

Sorry to hear that. It could be a bug. However, I was not able to re-create the issue given the info you provided.

Can you open a new issue in the Kibana repo? Please include the information above and maybe more details on the exact privileges of the user and role that cannot log in.

Hi @nickpeihl,

Thanks for your help. I've done a little more analysis and created an issue, which might help narrow down the problem.
Kibana user login errors on login when role space dashboard feature privilege is READ or NONE.

For anyone else running into this issue:

We diagnosed this in the linked GitHub issue. Using the kibana.defaultAppId setting in your kibana.yml will not read the user's permissions. It will blindly redirect users to the specified application, even if they aren't authorized to access that resource.

The same behavior can be found with server.defaultRoute, but we are working on adding support for space-specific default routes to help alleviate this.
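
A configuration check for the behaviour described above, as an added example that is not part of the thread or Kibana's own code: it reads kibana.defaultAppId from a kibana.yml and lists the roles that can enter a space but hold no privilege on the feature that app id points at. The role names, role objects (shaped like 7.x role API output) and kibana.yml text are constructed samples, and treating the app id as the feature id, with "home" open to every user, is an assumption.

```python
import re

# Constructed kibana.yml fragment (not the poster's file).
KIBANA_YML = '''
server.basePath: "/kibana"
kibana.defaultAppId: "dashboard"
'''

# Constructed roles: name plus the "kibana" privilege entries of each role.
ROLES = [
    {"name": "example_dashboard_only",
     "kibana": [{"base": [], "feature": {"dashboard": ["read"]}, "spaces": ["myspace"]}]},
    {"name": "example_discover_reader",
     "kibana": [{"base": [], "feature": {"discover": ["read"]}, "spaces": ["myspace"]}]},
    {"name": "example_space_admin",
     "kibana": [{"base": ["all"], "feature": {}, "spaces": ["myspace"]}]},
]

def default_app_id(kibana_yml, fallback="home"):
    """Return the active kibana.defaultAppId; commented-out lines are ignored."""
    m = re.search(r'^\s*kibana\.defaultAppId\s*:\s*["\']?([\w:-]+)', kibana_yml, re.M)
    return m.group(1) if m else fallback

def spaces_without_default_app(role, app_id):
    """Spaces the role is granted where it has no privilege on app_id."""
    granted = {}
    for entry in role.get("kibana", []):
        # A base privilege ("all"/"read") covers every feature in the entry's spaces.
        ok = bool(entry.get("base")) or bool(entry.get("feature", {}).get(app_id))
        for space in entry.get("spaces", []):
            granted[space] = granted.get(space, False) or ok
    if granted.get("*"):  # a global grant covers every individual space
        return []
    return sorted(space for space, ok in granted.items() if not ok)

def audit(kibana_yml, roles):
    """Map role name -> spaces where the default app redirect is unauthorized."""
    app_id = default_app_id(kibana_yml)
    if app_id == "home":  # assumption: the home page is not feature-gated
        return {}
    findings = {}
    for role in roles:
        blocked = spaces_without_default_app(role, app_id)
        if blocked:
            findings[role["name"]] = blocked
    return findings

if __name__ == "__main__":
    for name, spaces in audit(KIBANA_YML, ROLES).items():
        print(f"{name}: default app not permitted in {', '.join(spaces)}")
```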
