Role has manage_index_templates, but getting error "action [indices:admin/mappings/get] is unauthorized for user"


(Suny Kim) #1

Hi. I'm creating a second Kibana on hosted elasticsearch (cloud.elastic.co). The second kibana role has "all" privilege on her .kibana_2 index, and cluster privileges "monitor" and "manage_index_templates". Still, she gets the error message: [security_exception] action [indices:admin/mappings/get] is unauthorized for user [kibana_2]. I have to give her "all" on ".kibana" to work. But this is precisely what I wanted to avoid. The reason for creating the second kibana was to hide all the experimental indices and dashboards that I'm creating in the first kibana.
This looks like a bug to me, like kibana in some (initial?) action is querying the standard .kibana index instead of the one that is configured.
Kibana Version: 6.1.3


(CJ Cenizal) #2

Hi Suny, the .kibana index is where Kibana stores all of the settings and things it needs to run. So all users will need some level of access to this index to use Kibana. Have you tried giving the user the additional role of kibana_user? This will grant the minimum privileges required for any user of Kibana. For more information you can take a look at the built-in roles docs.

Thanks,
CJ


(Suny Kim) #3

Hi CJ. I thought the index where Kibana stores it's stuff was configurable in kibana.yml, https://www.elastic.co/guide/en/kibana/current/settings.html , kibana.index.
And yes, I compared the privileges with those of kibana_user. The only difference was "all" on .kibana. Which I gave to the second kibana, as explained above.


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.