I'm attempting to setup a read only user, but keep running into this error: Error: Unable to check for Kibana index ".kibana". When attempting to use these read only userids with Kibana. Userids that I have associated with admin and power_user work fine via Kibana. I'm not sure where the config issue is. I appeal to the wisdom of the forum for direction.
Here are my user settings.
roles.yml - default except for this entries that don't seem to work.
Read-only operations on indices
user:
indices:
'*': read
reader_role:
cluster : all
indices:
'*': get, read
Showing that I have two users associated with those roles
[root@vm10178 shield]# /usr/share/elasticsearch/bin/shield/esusers list | grep reader
reader : user
reader2 : reader_role
Its probably the missing admin/exists permission that is causing that specific error, but you may want to base your new role on the existing kibana4 role, with the write permissions removed from .kibana, otherwise you're going to run into other issues. You'll also need to start/use kibana for a bit as an admin to get all of the necessary .kibana docs created before rolling out to read only users.
That got me pointed in the right direction. Ended up basically giving every read permission to the role for both the index that I wanted it to see and to the .kibana index. I wish there was a document that better explained the permissions in shield.
I'm sure I can remove some of these, but that will take some time to figure out.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.