Hi folks,
I'm using ELK 7.3. I am trying to set up Kibana, in particular to set up the native Kibana realm so different users have different permissions/privileges for a particular Kibana space. For purposes of illustration let's call the space myspace. I require three different types of roles, which I've created:
1. A dashboardonly user role
2. A user with read only access to the artifacts in the space (with particular feature privileges enabled in read only: discover, dashboards)
3. A user with space admin access to all artifacts in the space (with all feature privileges enabled)
The myspace space has associated myspace-* indexes and associated visualisations, dashboards and index patterns.
I can successfully log in to Kibana as expected as a user with role #1 and #3 as described above, and everything is sweet, but attempting to log in with user #2 fails.
 
Issue
- Attempting to log in as the user with read only access (#2 above) fails
- Kibana attempts to access the space, throws an error on the UI (as shown below), attempts to log in again and repeats the pattern over and over again. The following is the browser output I receive on a login attempt:
 
Something went wrong
Try refreshing the page. If that doesn't work, go back to the previous page or clear your session data.
[$rootScope:infdig] 10 $digest() iterations reached. Aborting! Watchers fired in the last 5 iterations: [] https://errors.angularjs.org/1.7.9-local+sha.ca61b0e84/$rootScope/infdig?p0=10&p1=%5B%5D
Version: 7.3.0
Build: 25250
Error: [$rootScope:infdig] 10 $digest() iterations reached. Aborting!
Watchers fired in the last 5 iterations: []
https://errors.angularjs.org/1.7.9-local+sha.ca61b0e84/$rootScope/infdig?p0=10&p1=%5B%5D
    at https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:1181
    at Scope.$digest (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:211677)
    at Scope.$apply (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:213504)
    at bootstrapApply (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:17480)
    at Object.invoke (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:53311)
    at doBootstrap (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:17359)
    at Object.bootstrap (https://xxxx/kibana/built_assets/dlls/vendors.bundle.dll.js:499:17868)
    at Object.chrome.bootstrap (https://xxxx/kibana/bundles/commons.bundle.js:3:1846908)
    at LegacyPlatformService.start (https://xxxx/kibana/bundles/commons.bundle.js:3:1842907)
    at CoreSystem._callee2$ (https://xxxx/kibana/bundles/commons.bundle.js:3:1839477)
Note: I've redacted the host info above
Observations
- The only way to get out of the continual Kibana login attempt loop is to clear the browser session, as the error message suggests.
- Apart from the browser console error there is no evident output in the Kibana/Elasticsearch verbose logs
- It's difficult to debug: there are no specific errors or stack traces in the Kibana logs other than what appears in the browser console.
 
Questions
- Am I missing something simple here?
- Has anyone come across this before (or something similar)?
- Is there something the matter with the configuration I'm using (I've added further information below)?
- Is there additional configuration I need to set up which I have overlooked/missed?
 
Further information
A summary of the Kibana setup is shown below:
| username | rolename | index privileges | space privileges | other comments | 
|---|---|---|---|---|
| myspace_dashboard_user | myspace_dashboard_role | my-space index read privileges | myspace space read privileges to dashboard feature | This is working as expected for me | 
| myspace_user | myspace_user_role | my-space index read privileges | myspace space read only privileges to a subset of features | This is where I hit the Kibana error and repeated login issue | 
| myspace_admin | mysspace_admin_role | my-space index all privileges | myspace space all privileges to all features | This also works as expected | 
Thanks in advance for your time and any help/advice you can offer me.