Unable to update UI setting Request failed with status code: 403

Elastic Stack Kibana
1

Hi guys,

I am not sure what I am doing wrong here. I am automatically updating user security roles also for the spaces through the kibana API. And when I login from one of those roles, I keep getting this error.

Unable to update UI setting

Request failed with status code: 403

here's a picture of it,

image

Can anyone help me out of it??

Thanks in advance

Cheers,
Balaji

1 Like
2

403 is http code response code that indicates that the server understood the request but refused to authorize it.

Its likely that your user's role does not have access to .kibana index. This is the index that stores all kibana state. What are the privileges for the role?

1 Like
3

Hey Nathan,

Thanks for the reply.

Here's the json of the role.
' {
"name": "template_space_role",
"metadata": {},
"transient_metadata": {
"enabled": true
},
"elasticsearch": {
"cluster": ,
"indices": [
{
"names": [
".kibana"
],
"privileges": [
"read"
],
"allow_restricted_indices": false
}
],
"run_as":
},
"kibana": [
{
"base": [
"read"
],
"feature": {},
"spaces": [
"default"
]
}
],
"_transform_error": ,
"_unrecognized_applications":
}'

I use this as my template json for the PUT request dynamically updating the space name.

Thanks again :slight_smile:

Cheers,
Balaji

4

Did you manage to solve this issue?

I'm running on 7.4.0 and get this whenever I browse to the Dashboards app as a test user in the test space it tries to make a POST request to https://kibana:5601/s/test/api/kibana/settings with this payload {"changes":{"defaultIndex":"cdb47b30-ee5c-11e9-a95d-d5689c2d15d1"}}.

@Nathan_Reese I wouldn't have expected end users to need access to the .kibana indices as those actions would be performed by the kibana_system user on behalf of the end user?

GET /api/security/v1/users/_customer_test

{
    "username": "_customer_test",
    "roles": [
        "_customer_test"
    ],
    "full_name": "Test Industries Limited",
    "email": "",
    "metadata": {},
    "enabled": true
}

GET /api/security/role/_customer_test

{
    "name": "_customer_test",
    "metadata": {},
    "transient_metadata": {
        "enabled": true
    },
    "elasticsearch": {
        "cluster": [],
        "indices": [
            {
                "names": [
                    "test-*"
                ],
                "privileges": [
                    "read",
                    "view_index_metadata"
                ],
                "allow_restricted_indices": false
            }
        ],
        "run_as": []
    },
    "kibana": [
        {
            "base": [],
            "feature": {
                "discover": [
                    "all"
                ],
                "visualize": [
                    "all"
                ],
                "dashboard": [
                    "all"
                ],
                "maps": [
                    "all"
                ],
                "canvas": [
                    "all"
                ]
            },
            "spaces": [
                "test"
            ]
        }
    ],
    "_transform_error": [],
    "_unrecognized_applications": []
}
5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.