Okay,
I could investigate more deeply, I think my problem is actually very similar (if not the same) to Kibana "error fetching fields" forbidden
So I have a user whose role gives 'read' and 'view_index_metadata' access to a given index, and working in a space (and index-pattern) dedicated to this index.
Important point : all of those (user, index, space, index-pattern, role) are created through REST API.
Problem: when user logs-in after creation of its account and related space and index etc, he gets following error from Kibana GUI:
Error fetching fields for index pattern xxx : Forbidden
BUT once another user with 'kibana_admin' or similar rights access the same space, the problem then is solved for my user.
Following the issue I've pointed out, the problem seems to be recurrent every 24h.
The offered solution in this issue is just to give 'kibana_user' role to my user, which is not acceptable solution because then he has admin access to Kibana (and so can just destroy all spaces he shall not have access to...).
Giving 'all' access to .kibana* indices does not fix the problem.
I suspect some recurrent processing in Kibana requiring 'kibana admin' role.
Acceptable solution would be if such 'refresh' operation could be invoked through REST API, like a 'GET' operation that would indirectly perform the refresh. I could then plan it to be run every few hours from my application (using 'elastic' user credentials), but could not find any so far.
Hope this is now more clear ...
Laurent