alexus
January 18, 2019, 7:08pm
1
Hello,
I followed Grant users access to APM Server indices | APM Server Reference [6.5] | Elastic , yet user (w/ apm_reader
role) is unable to access the way superuser does (some parts of apm are visible, while others is not)
user also provided following information that he's got via debug in a browser:
{“statusCode”:403,“error”:“Forbidden”,“message”:“[security_exception] action [indices:data/read/search] is unauthorized for user [user]“}
Please advise.
ikakavas
(Ioannis Kakavas)
January 19, 2019, 11:49am
2
Hi,
This is to be expected, the superuser
has by default/definition access to anything.
Can you be a little more specific? What parts did you expect to be visible that are not?
Did you follow the instructions explicitly? Did you also add the kibana_user
role to your user as mentioned there?
Can you share the output of the following two requests from Kibana's dev tools ?
GET _xpack/security/role/apm_reader
( run that while logged in as a superuser)
GET _xpack/security/_authenticate
(run that while logged in as user
)
alexus
January 19, 2019, 4:25pm
3
sure, more specific (in terms of visibility): everything is accessible except for actual charts (see attached screenshot)
and yes, I followed instruction explicitly. kibana_user
role is already part of user's role.
GET _xpack/security/role/apm_reader
:
{
"apm_reader" : {
"cluster" : [ ],
"indices" : [
{
"names" : [
"apm-*"
],
"privileges" : [
"read",
"view_index_metadata"
]
}
],
"applications" : [ ],
"run_as" : [ ],
"metadata" : { },
"transient_metadata" : {
"enabled" : true
}
}
}
GET _xpack/security/_authenticate
:
{
"username" : "user",
"roles" : [
"kibana_user",
"apm_reader"
],
"full_name" : "xxx",
"email" : "x@x.x",
"metadata" : { },
"enabled" : true
}
sqren
(Søren Louv Jansen)
January 22, 2019, 9:37am
4
Hi @alexus ,
This is related to a bug that was found in Kibana 6.5: https://github.com/elastic/kibana/issues/23463 .
It will be fixed in 6.6.
Until then you will have to give the user permission to access the machine learning anomaly indices: .ml-anomalies-*
You need to define a role that gives the user access to these indices and assign that role to their user.
Read more here: https://www.elastic.co/guide/en/elastic-stack-overview/current/defining-roles.html#roles-indices-priv
system
(system)
Closed
February 12, 2019, 5:37am
5
This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.