Unable to update UI setting Request failed with status code: 403

astrobalaji · September 27, 2019, 1:50pm

Hi guys,

I am not sure what I am doing wrong here. I am automatically updating user security roles also for the spaces through the kibana API. And when I login from one of those roles, I keep getting this error.

Unable to update UI setting

Request failed with status code: 403

here's a picture of it,

Can anyone help me out of it??

Thanks in advance

Cheers,
Balaji

Nathan_Reese · September 27, 2019, 2:10pm

403 is http code response code that indicates that the server understood the request but refused to authorize it.

Its likely that your user's role does not have access to .kibana index. This is the index that stores all kibana state. What are the privileges for the role?

astrobalaji · September 27, 2019, 2:27pm

Hey Nathan,

Thanks for the reply.

Here's the json of the role.
' {
"name": "template_space_role",
"metadata": {},
"transient_metadata": {
"enabled": true
},
"elasticsearch": {
"cluster": ,
"indices": [
{
"names": [
".kibana"
],
"privileges": [
"read"
],
"allow_restricted_indices": false
}
],
"run_as":
},
"kibana": [
{
"base": [
"read"
],
"feature": {},
"spaces": [
"default"
]
}
],
"_transform_error": ,
"_unrecognized_applications":
}'

I use this as my template json for the PUT request dynamically updating the space name.

Thanks again

Cheers,
Balaji

pemontto · October 14, 2019, 9:54am

Did you manage to solve this issue?

I'm running on 7.4.0 and get this whenever I browse to the Dashboards app as a test user in the test space it tries to make a POST request to https://kibana:5601/s/test/api/kibana/settings with this payload {"changes":{"defaultIndex":"cdb47b30-ee5c-11e9-a95d-d5689c2d15d1"}}.

@Nathan_Reese I wouldn't have expected end users to need access to the .kibana indices as those actions would be performed by the kibana_system user on behalf of the end user?

GET /api/security/v1/users/_customer_test

{
    "username": "_customer_test",
    "roles": [
        "_customer_test"
    ],
    "full_name": "Test Industries Limited",
    "email": "",
    "metadata": {},
    "enabled": true
}

GET /api/security/role/_customer_test

{
    "name": "_customer_test",
    "metadata": {},
    "transient_metadata": {
        "enabled": true
    },
    "elasticsearch": {
        "cluster": [],
        "indices": [
            {
                "names": [
                    "test-*"
                ],
                "privileges": [
                    "read",
                    "view_index_metadata"
                ],
                "allow_restricted_indices": false
            }
        ],
        "run_as": []
    },
    "kibana": [
        {
            "base": [],
            "feature": {
                "discover": [
                    "all"
                ],
                "visualize": [
                    "all"
                ],
                "dashboard": [
                    "all"
                ],
                "maps": [
                    "all"
                ],
                "canvas": [
                    "all"
                ]
            },
            "spaces": [
                "test"
            ]
        }
    ],
    "_transform_error": [],
    "_unrecognized_applications": []
}

system · November 11, 2019, 9:54am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.