Kibana status is Red - security_exception

Henrique_Mauri · January 29, 2020, 2:33pm

Hello

I'm having trouble opening my Kibana, the error is displayed:

plugin: security@7.1.1 - [security_exception] action [cluster: admin / xpack / security / privilege / delete] is unauthorized for user [found-internal-kibana4-server]

How to solve this error?

rashmi · January 29, 2020, 3:31pm

This means that the logged in user doesn't have the right set of privileges. When and where do you see that error? In Kibana? When you log in? Or in a log file?

To Just use Kibana and have access to the data in an index, a user would typically only require;

kibana_user
a role with read and view_index_metadata privs on that particular index (and no cluster privs)
You could turn on audit logging in your Elasticsearch cluster and that would show you what user it is getting the error and what index they are accessing.

https://www.elastic.co/guide/en/x-pack/current/auditing.html

You could also query Elasticsearch for your users and roles and paste it here so we could check that you really have everything set correctly.

curl -XGET http://localhost:9200/_xpack/security/role?pretty

curl -XGET http://localhost:9200/_xpack/security/user?pretty

Please let us know if that helps.

Regards,
Rashmi

Henrique_Mauri · January 29, 2020, 4:15pm

hi Rashmi

This error appears as soon as I log in to Kibana, making any action impossible, as shown in the image below!

I've created new users with the roles superuser and kibana_user but the error persists!

Capturar|546x500

rashmi · January 29, 2020, 4:56pm

Can we have supporting Kibana logs and ES logs as well when this happens ? what version of the stack are u on ?

Thanks
Rashmi

Henrique_Mauri · January 29, 2020, 5:52pm

Hi Rashmi

I'm sorry, but how do I get the logs? We use Elastic at "https://cloud.elastic.co" and I only have these menus

rashmi · January 29, 2020, 6:01pm

There seems to be something wrong with the kibana user created - which is unable to talk to ES. . Pinging cloud here :

@imkarrer

Thanks
Rashmi

rashmi · January 29, 2020, 6:58pm

Hi
Since this is a cloud issue, will you please open a support ticket , so that more eyes can get to it ? I have moved this question to Cloud Discuss.

Thanks
Rashmi

Henrique_Mauri · January 29, 2020, 7:15pm

Ok Rashmi

I already opened a ticket with this case.

Thank you very much for your attention and support

Thanks
Henrique

rashmi · January 29, 2020, 7:18pm

Thanks ...hope it gets resolved soon.

Rashmi

system · February 26, 2020, 7:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.