I have the following setup:
- 4.4.1 Kibana
- EN 2.2.0
- Plugin shield (2.3.1)
I have Shield enabled with the internal realm. I have created several roles, and one of them has Shield field-level security set.
The configuration I have is this:
kibana4_role1:
  cluster:
    - cluster:monitor/nodes/info
    - cluster:monitor/health
  indices:
    '.kibana*':
      privileges: indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/mappings/fields/get, indices:admin/refresh, indices:admin/validate/query, indices:data/read/get, indices:data/read/mget, indices:data/read/search, indices:data/write/delete, indices:data/write/index, indices:data/write/update
    'logstash-indice-a':
      privileges: all
      fields:
        - ip
        - url
With it, I cannot access Kibana; I get an error:
ElasticsearchSecurityException[action [indices:data/read/msearch] is unauthorized for user [agent1]]
If I remove the security settings and fields based on the active document, I have no problem. It works and I can access it.
If I remove the security settings in general (or by fields or by documents), I can also access Kibana smoothly.
NOTE: The basic index information is this:
"_index" : "logstash-indice-a",
"_type" : "logs",
"_id" : "AVToKq_7GEzUiOV5W_7z",
"_score" : 1.0,
"_source" : {
  "message" : "127.0.0.1 - - [25/May/2016:15:46:30 +0200] \"GET /manual/images/left.gif HTTP/1.1\" 304 -\r",
  "@version" : "1",
  "@timestamp" : "2016-05-25T13:46:31.558Z",
  "path" : "C:\\Program Files (x86)\\Apache Group\\Apache2\\logs\\access.log",
  "host" : "BCN-83T55S1",
  "ip" : "127.0.0.1",
  "timestamp" : "25/May/2016:15:46:30",
  "timezone" : "+0200",
  "method" : "GET",
  "url" : "/manual/images/left.gif HTTP/1.1\" 304 -\r"
}
I think that when field-based security is enabled, you must include all the index metadata so that Kibana can show the indices, but I have tried different configurations without result.
This configuration should work, but it does not...
kibana4_role1:
  cluster:
    - cluster:monitor/nodes/info
    - cluster:monitor/health
  indices:
    '.kibana*':
      privileges: indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/mappings/fields/get, indices:admin/refresh, indices:admin/validate/query, indices:data/read/get, indices:data/read/mget, indices:data/read/search, indices:data/write/delete, indices:data/write/index, indices:data/write/update
    'logstash-indice-a':
      privileges: all
      fields:
        - message
        - \@version
        - \@timestamp
        - path
        - host
        - ip
        - timestamp
        - timezone
        - method
        - url
Can Kibana show indices that have field-level security associated with them?