Unable to create short URL. Error: Internal Server Error
backend:
kibana-custom | {"type":"error","@timestamp":"2019-01-27T21:51:25Z","tags":[],"pid":1,"level":"error","error":{"message":"Unable to create url, missing action:saved_objects/url/create","name":"Error","stack":"Error: Unable to create url, missing action:saved_objects/url/create\n at SecureSavedObjectsClientWrapper._ensureAuthorized (/usr/share/kibana/node_modules/x-pack/plugins/security/server/lib/saved_objects_client/secure_saved_objects_client_wrapper.js:136:48)\n at <anonymous>"},"url":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":"","query":{},"pathname":"/api/shorten_url","path":"/api/shorten_url","href":"/api/shorten_url"},"message":"Unable to create url, missing action:saved_objects/url/create"}
if kibana_user role wouldn't be assigned, user wouldn't be able to access Discover either (which is not the case)
That's not necessarily true. You can create custom roles to access Kibana, or use the built-in kibana_dashboard_only_mode role to grant read-only access as well (even if you don't use the Dashboard Only Mode feature).
Is this user able to create any saved searches, dashboards, or index patterns within Kibana? Or is it just short urls that are failing?
Can you execute the following in DevTools, and post the result? Replace <username> with the username of the account. Omit personal information such as full_name and email:
GET /_xpack/security/user/<username>
For example, GET /_xpack/security/user/larry for my own setup returns the following:
after reviewing user's role it is worth to mention: due to userX using own space, userX doesn't have kibana_user role assigned, as userX limited to one specific space only and assigning kibana_user role to userX allows userX to see other spaces, rest of roles are related to access to custom indices.
and lastly, userY (which has same roles assigned as userX) doesn't have an issues with creating short URL (within very same space as userX does).
I've tried restarting Kibana, but still no luck( userX still has issue while userY doesnt.
I apologize for that, just trying to be as accurate as possible)
After further investigation, your suspicion is right on the money as userX has read Privilege, while userY has all Privilege.
Maybe Kibana could use some improvements in displaying errors, say in more useful way?) Regardless, thank you very much for your help! I appreciate it!
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.