Not authorized to use Reporting

Kaabo · September 15, 2016, 4:09pm

Hi,

I am trying to use Reporting -plugin with Shield on my Win10. My versions are:

Elasticsearch: 2.4.0
Kibana: 4.6.1
Reporting: 2.4.1

After multiple attempts I still get the error:

“Reporting: Error 403 Forbidden: Sorry, you are not authorized to use Reporting”

I have installed a valid license for product validation purposes issued by Elastic.

Here are my roles:

my_kibana_user:
cluster:
- monitor
indices:
- names: ''
privileges:
- view_index_metadata
- read
- names: '.kibana'
privileges:
- manage
- read
- index

And

reporting_user:
indices:
- names: '.reporting-*'
privileges:
- read
- write

I am assigning the roles with sense:

POST /_shield/user/kibana_user1
{
"password" : "very_secret",
"roles" : [ "my_kibana_user","reporting_user"]
}

Any idea what the problem could be?

Best,
Kai

Joe_Fleming · September 16, 2016, 9:18pm

I don't believe that Shield has the REST API in 2.4. What response do you get from the server when you run that?

As far as I know, you have to use ./bin/shield/esusers to add and modify users. Like so:

./bin/shield/esusers useradd kibana_user1 -r my_kibana_user,reporting_user -p very_secret

I believe you can do that while Elasticsearch is running, and no restart is required, but I could be wrong about that.

Kaabo · September 19, 2016, 10:19am

Running that POST command I get a response:

{
"user": {
"created": true
}
}

Then checking my shield users with:

GET _shield/user

I get a response including the new user with the needed roles:

"kibana_user1": {
"username": "kibana_user1",
"roles": [
"my_kibana_user",
"reporting_user"
],
"full_name": null,
"email": null,
"metadata": {}
}

Those roles I pasted above are from roles.yml and work just fine with Kibana and Sense, but not with Reporting.

bwgriffith · September 28, 2016, 2:16pm

I had a similar issue. Was able to solve it by editing my roles.yml to:

kibana4_server:
  cluster:
      - cluster:monitor/nodes/info
      - cluster:monitor/health
      - cluster:monitor/plugin/license/get
  indices:
    '.kibana':
      privileges: indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/mappings/fields/get, indices:admin/refresh, indices:admin/validate/query, indices:data/read/get, indices:data/read/mget, indices:data/read/search, indices:data/write/delete, indices:data/write/index, indices:data/write/update
    '.reporting-*':
      privileges: all

Hope this helps.

Kaabo · September 29, 2016, 10:07am

Thanks! This helped me one step forward. Now I get the error:

There was an error generating your report for the "Reporting test printable" dashboard: Error: URL open failed. Is the server running?

Just noticed that there is a topic on that area already.