Unable to login to Kibana after changing Space settings for specific role

peternijem · July 4, 2020, 12:05pm

Hi,

I have created a user 'X' with role 'Y'. A space 'Z' is assinged to this role. In the settings of the Space for this role, I've decided to hide all features including 'dashboards' from it and keep only dev tools for example.

Whenever I login with the user which is associated to this role, I get the following error:

Kibana shows this error for a second before it reloads automatically and again it shows this error for a second and so on...

Clearing the session didn't help. When I've enabled also 'dashboards' (read/all), this issue stopped happening.

My goal is to hide dashboards for this role. So I am blocked here.
I would really appreciate your help.

Peter

flash1293 · July 6, 2020, 7:18am

This seems like a legit bug - which version are you using? If it's an outdated one, you can try upgrading. If you are already running 7.8.0, you can report it here: https://github.com/elastic/kibana/issues/new?template=Bug_report.md

peternijem · July 6, 2020, 8:03am

Hi @flash1293

I am using version 7.5.1
We can't just upgrade to latest version. We have our solution based on Kibana and we are just before going to production.
Is it a known issue? If so, and if it has a fix already then I can merge the fix to our Kibana based solution.
Pending for more info regarding this issue.

Thanks

flash1293 · July 6, 2020, 8:20am

I suggested the upgrade because this area of the code went through substantial refactoring between 7.5 and 7.8 - there is no single PR to backport, but the whole structure of the application changed. I tried to reproduce this problem with 7.8 but granting only dev tool rights works fine there.

Did you include your own plugins into Kibana for your solution?

peternijem · July 6, 2020, 9:24am

Thanks for your fast reply.
Yes we have our own plugins. Can you please try and reproduce the issue on 7.5.1?
This will help us understand if it's an Kibana issue (most likely) or our own development which is causing this.

Thanks

flash1293 · July 6, 2020, 9:43am

I started a 7.5.1 instance with just dev tools rights in a separate space and it worked fine for me (no errors on opening Kibana)

peternijem · July 6, 2020, 10:00am

Have you been able to log in with the user which has the role you've created (the role that has the specific Space privileges)?

flash1293 · July 6, 2020, 10:07am

Yes, I'm able to access the dev tools without any errors

peternijem · July 6, 2020, 10:23am

The issue is not in accessing the dev tools. The issue reproduced for me when trying to log-in to KIbana with the user and role I created for which is assigned a space with no privileges to see dashboards.
Steps to reproduce:

Create a user
Create a Space
Create a role and assign this Space to it. Hide everything and keep only dev tools with Read privileges.
Assign the role to the previously created user.
Logout
Login using newly created user credentials

Expected:
You are able to login and view your dashboards without any issue.

Actual:
Stuck in a loop which shows below error for 1 second:

flash1293 · July 6, 2020, 11:51am

That's what I meant - logging in as this user and going to dev tools works fine for me.

You are able to login and view your dashboards without any issue

Why are you expecting to be able to view dashboards if you only grant dev tools rights to a user?

peternijem · July 6, 2020, 12:06pm

I am unable to login at all. I am stuck in a loop after clicking login.

peternijem · July 21, 2020, 6:00pm

Hi,

After checking for other developers who faced the same issue, I was able to find an open bug on this issue!

Thread: Unable to open Kibana on chrome after upgrade from version 7.3.x to 7.4.0

Here you can see the same steps to reproduce mentioned: https://github.com/elastic/kibana/issues/52298

So, as I understand currently there is no fix for that.

@flash1293 can you go over the steps to reproduce mentioned here https://github.com/elastic/kibana/issues/52298 on latest stable Kibana version and update if you have the same issue or not. If not, can you please point our to the fix that was done?

Thanks

flash1293 · July 21, 2020, 6:58pm

If this is about a kibana.defaultAppId setting, a possible workaround is to remove it and use the advanced setting “defaultRoute” instead configured in Management > Advanced settings.

Let me know whether that works for your case.

peternijem · July 21, 2020, 7:11pm

You mean I need to replace the default value of kibana.defaultAppId with the defaultRoute value I've configured in the Advanced Settings?
Please clarify.

Thanks

flash1293 · July 22, 2020, 7:08am

defaultRoute works a little different - just copy the path of the page you want to be your default, e.g. discover is app/kibana#/discover on 7.5

peternijem · July 22, 2020, 7:20am

Hi

It didn't work.

flash1293 · July 22, 2020, 7:43pm

What default route did you try? If it's a specific dashboard, it's possible you can't work around the bug you found in your specific scenario.

If you are writing your own plugin, you can also try programmatically hiding menu options in specific cases similar to how the "dashboard mode" plugin is doing it: https://github.com/elastic/kibana/blob/7.5/x-pack/legacy/plugins/dashboard_mode/public/dashboard_viewer.js#L55

peternijem · August 6, 2020, 6:34am

Thanks @flash1293
I need to add a change in the code to block access to /dashboards (in addition to hiding dashboards plugin from side menu). Can you please point out how this can be done? How is it done already for items that are hidden (Privilege set as None for specific role)?

Thanks

flash1293 · August 6, 2020, 7:25am

They are using the security solution with registered features (like here: https://github.com/elastic/kibana/blob/master/x-pack/plugins/features/server/oss_features.ts ) and integrate with the permissions you can set per role.

system · September 3, 2020, 7:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.