REST API Post /api/kibana/settings/defaultIndex gives 403

Elasticsearch 7.9.1 and Kibana 7.91. with X-Pack security enabled.

I have a role that can create index patterns. See attached index and space privileges screenshots.
When calling the API:
POST /api/kibana/settings/defaultIndex, I still get a 403.

"{"type":"response","@timestamp":"2020-09-29T18:08:59Z","tags":[],"pid":21028,"method":"post","statusCode":403,"req":{"url":"/api/kibana/settings/defaultIndex","method":"post","headers":{"x-forwarded-by":"","x-forwarded-for":"","x-forwarded-proto":"http","host":"localhost:8091","connection":"close","content-length":"38","accept":"application/json","kbn-xsrf":"true","content-type":"application/json","user-agent":"Apache-HttpClient/4.5.12 (Java/11.0.8)"},"remoteAddress":"","userAgent":""},"res":{"statusCode":403,"responseTime":15,"contentLength":9},"message":"POST /api/kibana/settings/defaultIndex 403 15ms - 9.0B"}"

If I use the "elastic" superuser account, it works fine. So I know this is a privilege problem. But I cannot seem to find the EXACT privilege I need to make this REST call.
Can you please tell me the exact privileges my role needs to make this REST call? Thanks in advance.

You can change the user privileges from "Index pattern management" permissions of "None" to "All"; that should do it to post your API (grant the Kibana privilege to the user: move from None to All in feature controls, Index pattern management).
Keep us posted.


Please see the above screenshot. I already have "All" for "Index Pattern Management" and it still was not helping. I know the privilege is in effect because when I log in as this user, I see the button that says "Create Index Pattern" and I do not have the "glasses" icon to indicate read-only as the documentation says. That first screenshot above is under the "Spaces" privileges. I defined a Default space privilege. Any other suggestions?

Hello. Any comments?

cc @jportner any inputs here?


Hi @annanicotera, so sorry you haven't had a resolution for this yet.

This API modifies the 'config' saved object. You need the 'All' privilege in the 'Advanced Settings' feature to grant authorization to do so. Keep in mind this will also allow a user with that role to edit any other advanced settings.
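As an added example (not part of the original thread or Kibana's own code), the check below audits a role definition for the privilege named in the answer above and builds a copy that grants it in one space only. It assumes the role is shaped like the body returned by Kibana's role management API (`GET /api/security/role/<name>`); the sample role and the function names are constructed for illustration.

```python
import copy
import json

# "advancedSettings" and "indexPatterns" are the Kibana feature IDs behind the
# 'Advanced Settings' and 'Index Pattern Management' rows in the role editor.
REQUIRED_FEATURE = "advancedSettings"

# Constructed sample: the asker's situation, 'All' on Index Pattern Management only.
ASKER_ROLE = {
    "elasticsearch": {"cluster": [], "indices": []},
    "kibana": [
        {"base": [], "feature": {"indexPatterns": ["all"]}, "spaces": ["default"]}
    ],
}


def grants_default_index_write(role, space="default"):
    """True if `role` may modify the 'config' saved object in `space`."""
    for entry in role.get("kibana", []):
        spaces = entry.get("spaces", [])
        if space not in spaces and "*" not in spaces:
            continue  # entry does not apply to this space
        if "all" in entry.get("base", []):
            return True  # base 'all' covers every feature in the space
        if "all" in entry.get("feature", {}).get(REQUIRED_FEATURE, []):
            return True
    return False


def with_advanced_settings(role, space="default"):
    """Return a copy of `role` with 'all' on Advanced Settings in `space` only."""
    fixed = copy.deepcopy(role)
    for entry in fixed.setdefault("kibana", []):
        if entry.get("spaces") == [space] and not entry.get("base"):
            entry.setdefault("feature", {})[REQUIRED_FEATURE] = ["all"]
            return fixed
    fixed["kibana"].append(
        {"base": [], "feature": {REQUIRED_FEATURE: ["all"]}, "spaces": [space]}
    )
    return fixed


if __name__ == "__main__":
    print("before:", grants_default_index_write(ASKER_ROLE))  # 403 case
    fixed = with_advanced_settings(ASKER_ROLE)
    print("after: ", grants_default_index_write(fixed))
    print(json.dumps(fixed["kibana"], indent=2))
```

Scoping the added privilege to a single space limits where the role can edit the other advanced settings that the same privilege unlocks.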
