Hi,
I have installed X-Pack on ELK stack version 6.2.4 without any errors. However in Kibana UI console screen ( Management > Security > Users or Roles> I am getting error message as "You do not have permission to manage users. Please contact your administrator.". It is showing as "kibana" only even after logging in as "elastic". Pls help with resolution.
Hi Murali,
Please make sure you clear all the cookies you might have for the specific domain via which you access kibana or try in an "incognito" tab.
Hi Ioannis, Thanks. I tried with clearing cookies etc but facing the same issue. However it is working fine when I tried in an "incognito" tab.
What shall I do now ?
You can restart your browser and this will fix it for you.
Out of curiosity, did you actually find and delete the sid cookie for Kibana and the domain you are accessing kibana via ? Or did you "clear all cookies" or something similar?
Can you also clarify your sequence of actions when you experienced this issue ? Did you log in as the kibana user first ? Did you explicitly logout before trying to log in as elastic user?
Hi Ioannis,
Browser restart has solved the issue. Thanks a lot.
Regards,
Ι will try to explain what happened here for the benefit of anyone having the same issue:
The problem you were facing wasn't because of cookies ( that's why clearing them didn't work ) but because of Basic Authentication.
To trigger this, one needs to either
In this case, while trying to access Kibana the browser will prompt the user to provide a Basic Authentication username/password that is stored in the browser's cache. This will be sent in all subsequent requests to Kibana as an Authorization header.
When the user later enables security in Kibana X-Pack, they will get prompted for authentication via a form, but when submitting the form, the Authorization header will be also sent, Kibana will read this and log them in with the credentials used in the original Basic Authentication event and not the ones entered in the login form.
Clearing the cookies doesn't help as the Authorization header value is stored in the Browser's cache that is cleared on restart.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.