Hi, I'm using the trail version of an Cloud instance( 6.3.2) and I'm trying to create a user which only has dashboard rights to my dashboard. I've created a user and a specific dashboard role as I read here: https://www.elastic.co/blog/kibana-dashboard-only-mode but when I log in with the user I see all the buttons on the left but for every page I get the message:
Error Config: Request failed with status code: 403.
best regards,
hugo
Hi Hugo,
It looks like either your user has additional roles or that you have created a custom dashboard only role and something is amiss with that. Can you share your role definition and specific configuration with us?
Hi,
I created a custom role.....My_dasboard_only_user. As indices I added the index my dasboard uses. As priviliges i added Read and View_index_metadata.
I created a new user with this role.
And I added the custom role to the xpackDashboardMode:roles.
Thats it.
Hi again,
I missed the Cloud part of your original email and made invalid assumptions. Creating a custom dashboard only role is usually only necessary when you are using a custom .kibana index , which is not the case for your Cloud trial instance.
You need to add two roles to your user:
read privileges should be enough.kibana_dashboard_only_user role.Hi,
I added the 2 roles to my readonly account and now the login works and I can see only my 2 dashboards. The only problem is now that there is no data. It seems it cannot access my index or so?
I gave my custom role read access to my index.
Any idea?
Thanks in advance!
Unless you actually provide the role definition then we're just guessing.
Does your role provide read access to the.kibana index?
@hugohendriks I assume that when you say that you added two roles, you mean the kibana_dashboard_only_user and a second one? Is that second one the one that gives read access to the index you use in your dasboard?
I reas the above as @hugohendriks reverted from trying to define a custom dashboard only role to using kibana_dashboard_only_user instead, so that wouldn't be necessary.
Unless you actually provide the role definition then we're just guessing.
I couldn't agree more. Please help us assist you in a productive manner.
Hi,
not trying to be rude...I'm just new to Kibana. My role definition looks like:
As you can see, i dont have rights added to acces .kibana index.
My readonly user now has 2 roles, kibana_dashboard_only_user and vgz_dashboard_only_user
The issue is that you're missing the value for Granted Fields. The default value is a wildcard * matching all fields. If you take this away (as you've done above), your role doesn't grant read access to any fields, and your dashboard will remain empty.
Add * to the Granted Fields and login again as the user with the vgz_dashboard_only_user_role
No worries 
It's just that it's so much easier to offer meaningful feedback when we get all the necessary information as was perfectly showcased in your last message !
Check....adding the * to the Granted Fields did the trick. Much appreciated 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
