Time Picker issue in Kibana with Shield

I created 1 admin(File realm), 2 users (Native realm) using Shield.

Admin created with esusers -r admin command (so, all indices, all privileges)
User1 has "all privileges" to 3 indices in the cluster.
User2 has "all privileges" to 5 indices in the cluster (with field level security)

I could execute queries on ES side, without any issues. I configured Kibana with link provided in docs here.

But, when I login using the user credentials (either User1 or User2), I could not see "Time Picker" on the top-right hand corner of the Kibana Dashboard. If I login as Admin, I can see that. I would like to have this Time Picker in Kibana even for native users. Please help me out.

Which version(s) are you using?

Kibana 4.6
ES 2.4
Shield 2.4

Thanks! Each of the users will need "kibana user" privileges, which grant them access to the .kibana index, and cluster monitoring.

Here's an example kibana_user role derived from here:

      - monitor
    - names: '.kibana*' 
        - manage
        - read
        - index

If you create this role and assign it to those two users, I expect that Kibana will begin working as expected. tbh, I haven't heard of the time picker not showing up, but I'm imagining it's related.

Yes. I have given the privileges to both the users to access .kibana index. Otherwise, I was not even able to open the Kibana dashboard using these user credentials.

I created 2 roles Role1, Role2 and assigned Role1 to User1 and Role2 to User2. Below are the commands:

curl -u admin  -XPOST 'http://localhost:9200/_shield/role/role1' -d'
  "cluster": ["all"],
  "indices": [
        "names:" [<some indices>, .kibana*]
        "privileges:" ["all"]

curl -u admin  -XPOST 'http://localhost:9200/_shield/role/role2' -d'
  "cluster": ["all"],
  "indices": [
        "names:" [<some other indices>, .kibana*]
        "privileges:" ["all"]
        "fields": [<some fields including @timestamp field>]

I can see the entire Kibana Dashboard exactly as I want based on the user roles I created. But, the only problem is, for these users, I cannot see the TimePicker on top-right hand corner. If I login as admin, I can see TimePicker.

This admin user is created in File realm (esusers -r admin), where as users are created in Native Realm. I also gave following configuration in elasticsearch.yaml:

        type: native
        order: 0
        type: file
        order: 1

Have you installed Kibana in the /opt/kibana/installedPlugins directory yet? I believe I ran into something similar.

If you're using Shield, see step 6 here: https://www.elastic.co/guide/en/shield/current/kibana.html

I haven't done that, but the problem seems to be solved. I cannot reproduce the issue now. All I did was I deleted all the indices, including .kibana index, and restarted Kibana. I think the problem might be with .kibana index caching some data, and I have been managing lots of user roles, users, performing snapshots and restore.

I will keep your suggestion in mind, and if I come to this issue again, I will give a try with Step 6 from your link.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.