superuser should be allowed to manage roles, obviously. Can you please share any part of your Elasticsearch logs that might seem relevant (i.e. logging in via Kibana and accessing the Management tab)?
If nothing interesting is there, you can try enabling DEBUG:
PUT /_cluster/settings
{"transient":{"logger.org.elasticsearch.xpack.security.authz": "DEBUG"}}
I am not getting any errors in elkcluster_access.log; all lines show access_granted.
But I am getting these errors in elkcluster.log:
[ERROR][o.e.x.s.a.e.ReservedRealm] [SmUKNKO] failed to retrieve password hash for reserved user [elastic]
[INFO ][o.e.x.s.a.AuthenticationService] [SmUKNKO] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[INFO ][o.e.x.w.a.l.ExecutableLoggingAction] [SmUKNKO] Watch [Idle_pct] has exceeded the threshold []
[ERROR][o.e.x.m.c.c.ClusterStatsCollector] [SmUKNKO] collector [cluster_stats] failed to collect data
I believe the error you are seeing in Kibana is incorrect.
From what I can see, Kibana will give that error whenever it fails to retrieve the list of available roles from Elasticsearch. So, although it appears to be a permissions problem, it could actually have some other underlying cause.
I believe your cluster (and/or security index) might be suffering from some health issues.
Can you check these: