Moved from local to AD.
Successfully logged in as kibana4-server.
Getting error on browser when I log in as regular AD user.
[security_exception] action [indices:data/read/mget] is unauthorized for user
Logs:
[2016-06-23 19:04:06,566][INFO ][rest.suppressed ] /_mget Params: {preference=1466723046069, timeout=0, ignore_unavailable=true}
ElasticsearchSecurityException[action [indices:data/read/mget] is unauthorized for user [dala]]
at org.elasticsearch.shield.support.Exceptions.authorizationError(Exceptions.java:45)
at org.elasticsearch.shield.authz.InternalAuthorizationService.denialException(InternalAuthorizationService.java:294)
at org.elasticsearch.shield.authz.InternalAuthorizationService.denial(InternalAuthorizationService.java:268)
at org.elasticsearch.shield.authz.InternalAuthorizationService.authorize(InternalAuthorizationService.java:129)
at org.elasticsearch.shield.action.ShieldActionFilter.apply(
My role_mapping.yml file looks like
kibana4:
- 'cn=dala,cn=Users,dc=ops,dc=saba'
monitoring:
- 'cn=logstash,cn=Users,dc=ops,dc=saba'
- 'cn=kibana4-server,cn=Users,dc=ops,dc=saba'
- 'cn=dala,cn=Users,dc=ops,dc=saba'
admin: - 'cn=logstash,cn=Users,dc=ops,dc=saba'
- 'cn=kibana4-server,cn=Users,dc=ops,dc=saba'
- 'cn=dala,cn=Users,dc=ops,dc=saba'
power_user: - 'cn=logstash,cn=Users,dc=ops,dc=saba'
- 'cn=kibana4-server,cn=Users,dc=ops,dc=saba'
- 'cn=dala,cn=Users,dc=ops,dc=saba'
user: - 'cn=logstash,cn=Users,dc=ops,dc=saba'
- 'cn=kibana4-server,cn=Users,dc=ops,dc=saba'
- 'cn=dala,cn=Users,dc=ops,dc=saba'
kibana4_server: - 'cn=logstash,cn=Users,dc=ops,dc=saba'
- 'cn=kibana4-server,cn=Users,dc=ops,dc=saba'
- 'cn=dala,cn=Users,dc=ops,dc=saba'
What additional step I need to do for the AD user to get the kibana UI.