Kibana_system privileges - unauthorized for user [kibana_system] with roles [kibana_system] on indices

Hi,

I changed the deprecated user kibana to kibana_system and now I have this error.

{"type":"log","@timestamp":"2022-04-28T02:45:00-04:00","tags":["error","plugins","wazuh","monitoring"],"pid":29306,"message":"security_exception: [security_exception] Reason: action [indices:admin/settings/update] is unauthorized for user [kibana_system] with roles [kibana_system] on indices [wazuh-monitoring-2022.04], this action is granted by the index privileges [manage,all]"}

The user kibana_system is locked for any changes. How can I grant those privileges?

Best Regards,
Petar

Documentation for adding/updating roles can be found here:

You can use the Kibana Stack Management application to perform the changes on roles as well.

I usually have this at hand though (adapt accordingly):

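# Create or update the role ${ROLE}; fill in the cluster/indices/applications arrays.
# -k skips TLS certificate verification.
curl -k --user "${ES_USER}:${ES_PASSWORD}" -X POST \
  -H "Content-Type: application/json" \
  -d '{"cluster":[],"indices":[],"applications":[]}' \
  "https://${ES_HOST}:${ES_PORT}/_security/role/${ROLE}"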

The kibana_system user is meant to be used only by the Kibana application (i.e. configured in the kibana.yml file) for system communication. It should not be used by other applications or for interactive use. It depends on your exact use case, but you most likely need to create a new user and grant it the relevant privileges.


Yup, sorry @Penchev but @Yang_Wang is totally right :man_facepalming:
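
Added example, not part of the thread and not Elastic's or Wazuh's own code: it reads the denial message from the question, derives the narrowest index privilege the message itself names, and builds the body for a dedicated role and user as suggested above. ROLE, NEW_USER, NEW_PASSWORD and ES_CA are assumed variable names, and widening the dated index name to a wildcard pattern is an assumption.

```shell
# Added example: turn the denial in the question into a least-privilege role.
# ROLE, NEW_USER, NEW_PASSWORD and ES_CA are assumed variable names.

# Denial text copied from the log line in the question.
DENIAL='action [indices:admin/settings/update] is unauthorized for user [kibana_system] with roles [kibana_system] on indices [wazuh-monitoring-2022.04], this action is granted by the index privileges [manage,all]'

# Print the bracketed value that follows phrase $2 in message $1.
field() {
  printf '%s\n' "$1" | sed -n "s/.*$2 \[\([^]]*\)\].*/\1/p"
}

# From a comma-separated privilege list, pick the first entry that is not "all".
narrowest() {
  printf '%s\n' "$1" | tr ',' '\n' | grep -vx 'all' | head -n 1
}

# Replace a trailing date suffix (-2022.04) with a wildcard so the role also
# covers later indices of the same series (assumption: the name is date-stamped).
index_pattern() {
  printf '%s\n' "$1" | sed 's/-[0-9][0-9.]*$/-*/'
}

# Build the JSON body for POST /_security/role/<name>.
role_body() {
  printf '{"cluster":[],"indices":[{"names":["%s"],"privileges":["%s"]}],"applications":[]}' \
    "$(index_pattern "$(field "$1" 'on indices')")" \
    "$(narrowest "$(field "$1" 'index privileges')")"
}

# Create the role, then a dedicated user that holds only that role.
apply() {
  base="https://${ES_HOST}:${ES_PORT}/_security"
  curl --cacert "${ES_CA}" --user "${ES_USER}:${ES_PASSWORD}" -X POST \
    -H "Content-Type: application/json" -d "$(role_body "$DENIAL")" \
    "${base}/role/${ROLE}"
  curl --cacert "${ES_CA}" --user "${ES_USER}:${ES_PASSWORD}" -X POST \
    -H "Content-Type: application/json" \
    -d "{\"password\":\"${NEW_PASSWORD}\",\"roles\":[\"${ROLE}\"]}" \
    "${base}/user/${NEW_USER}"
}

# Dry run by default: print the role body; pass --apply to send the requests.
if [ "${1:-}" = "--apply" ]; then apply; else role_body "$DENIAL"; echo; fi
```

The role covers only the action denied in this one log line; any further denial would appear as a new security_exception naming the privilege it needs.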