Recreating “kibana_dashboard_only_user” and “kibana_system” results in errors

security

(Sjaak) #1

Hi,

I want to run a second Kibana instance that uses "kibana-test" instead of ".kibana" so I can separate dashboards.

I first tested using the two built in roles above using the default .kibana index and all was working well.

Now I've remade those two roles and called them test_dashboard_only and test_kibana_system. The permissions are the same as on the built in roles yet when I set up a user assigned to the test_kibana_system group in kibana.yml I get permission errors for the kibana-test index.

Also when I use the built in role and then try to log in with my dashboard only user it shows all the icons on the nav bar.

What is happening? Permissions are exactly the same so I don't understand what the problem is.


(Sjaak) #2

Error:

[08:28:24.646] [error][security] Error registering Kibana Privileges with Elasticsearch for kibana-.test: [security_exception] action [cluster:admin/xpack/security/privilege/get] is unauthorized for user [test_access]

kibana.yml

kibana.index: ".test"
elasticsearch.username: "test_access"
elasticsearch.password: "password"
xpack.security.enabled: true

Why does the index change from .test to kibana-.test?

Again, permissions are exactly the same as the kibana_system role except for the .kibana* index which I changed to .test*.

A new role with the same dashboard only permissions either results in the oops error when logging in, or showing giving complete access.

Permission are just completely ignored.


(Ioannis Kakavas) #3

For your test_dashboard_only role, you need to add that to the Dashboard only roles as docu
mented here

Also, add kibana-.test to the list of indices in your new role definition.


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.