New user created with API has admin role not recognized

Hi, I'm trying to create a user for Kibana (elastic is reserved so I can't use it).

I executed these API calls to do so, but the admin role does not seem to be recognized. Do you have any clue?
(The user and password are temporary; I'm trying to get this working. My whole stack is on version 8.15.1.)

$ curl -s -X POST -u "elastic:myelasticpassword" -H "Content-Type: application/json" http://localhost:9200/_security/user/kibana_app -d '{"username":"kibana_app","password":"mykibanapassword","roles" : ["admin"]}'
{"created":true}%

$ curl -s -X GET -u "elastic:myelasticpassword" -H "Content-Type: application/json" http://localhost:9200/_security/user/kibana_app
{"kibana_app":{"username":"kibana_app","roles":["admin"],"full_name":null,"email":null,"metadata":{},"enabled":true}}%


$ curl -u kibana_app:mykibanapassword http://localhost:9200/_cluster/health
{"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:monitor/health] is unauthorized for user [kibana_app] with effective roles [] (assigned roles [admin] were not found), this action is granted by the cluster privileges [monitor,manage,all]"}],"type":"security_exception","reason":"action [cluster:monitor/health] is unauthorized for user [kibana_app] with effective roles [] (assigned roles [admin] were not found), this action is granted by the cluster privileges [monitor,manage,all]"},"status":403}%

It doesn't look like you have an admin role. Were you expecting one? Elasticsearch doesn't ship with one.

Hi TimV, I have added the user with the admin role, as shown in the documentation. Here is the JSON body of the first call:

{
  "username":"kibana_app",
  "password":"mykibanapassword",
  "roles" : ["admin"]
}

The second call shows me that the user is created with the correct role.

The third one, using this newly created user, indicates that it can't find any role for it.

Oh, I may have understood: Elasticsearch has no role named "admin", is that it?

What are the default roles if there is none named 'admin'?

Thank you for the pointer, I had misunderstood at which level the role was missing.

The equivalent to admin would be the superuser role. This role has full access to everything in Elastic, so be careful in using it.

Thank you Leandro, I will use this one carefully and learn how to create a new one.
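
Added example, not part of the thread: a small offline audit that compares the role names assigned to users against the roles the cluster actually defines, which is the mismatch behind "assigned roles [admin] were not found", and also flags enabled users holding superuser. The JSON samples are constructed; the users ops_admin and reporting and the role old_reports are hypothetical, and the code assumes the role listing from GET /_security/role includes the built-in roles.

```python
import json
import re

# Constructed sample of GET /_security/user (shape follows the response shown in the thread).
USERS_JSON = """{
  "kibana_app": {"username": "kibana_app", "roles": ["admin"], "enabled": true},
  "ops_admin": {"username": "ops_admin", "roles": ["superuser"], "enabled": true},
  "reporting": {"username": "reporting", "roles": ["viewer", "old_reports"], "enabled": false}
}"""

# Constructed sample of GET /_security/role, reduced to the keys (role names) this check needs.
# Assumption: the listing includes built-in roles such as superuser.
ROLES_JSON = '{"superuser": {}, "viewer": {}, "kibana_admin": {}}'

# Wording taken from the security_exception quoted in the thread.
NOT_FOUND = re.compile(r"\(assigned roles \[([^\]]*)\] were not found\)")


def roles_not_found(reason):
    """Extract role names from an 'assigned roles [...] were not found' reason string."""
    m = NOT_FOUND.search(reason)
    return [r.strip() for r in m.group(1).split(",") if r.strip()] if m else []


def audit(users, roles):
    """Return (user, issue, role) findings for undefined or over-broad role assignments."""
    findings = []
    for name, user in sorted(users.items()):
        for role in user.get("roles", []):
            if role not in roles:
                # Same condition the cluster reports as "effective roles []".
                findings.append((name, "role_not_defined", role))
            elif role == "superuser" and user.get("enabled", True):
                # Full access to everything in the cluster; flag for review.
                findings.append((name, "superuser_assigned", role))
    return findings


if __name__ == "__main__":
    for finding in audit(json.loads(USERS_JSON), json.loads(ROLES_JSON)):
        print(*finding)
```

Roles defined only in a roles file are not returned by the get roles API, so a role_not_defined finding is a lead to check rather than proof that the role is missing.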