Xpack - How to create kibana user

Hi Guys,
I'm trying to understand how X-Pack work but i think i miss something,
Lets say in my Kibana i have the following patterns:

prod-java*
prod-nodejs*

and i would like to create a role, that role will map a read permission to only "prod-java*" pattern,
so i create the role by the following command:
POST _xpack/security/role/prod-java-reader
{
"cluster": [ "monitor" ],
"indices": [
{
"names": [ "prod-java*" ],
"privileges": [
"read",
"index",
"indices:data/read/search[phase/query]",
"indices:admin/validate/query",
"indices:data/read/search",
"indices:data/read/msearch",
"indices:data/read/field_stats"]

}

]
}

After i create the role, i assigned the following roles to my user : [kibana_user,prod-java-reader]

i login successfully, but when i switch to the pattern prod-java* i got the following error:
Unauthorized 403 for /search/read/data

i would like to know if i am missing something ,

my Elastic version is 6.6

Thanks!

Please take the time to correctly format your posts either using (```) blocks or the </> button. it is very hard to read unformatted snippets. Please take the time to fix this in your post, this will greatly improve the chances of your question being answered.

read should be enough for read only access, you don't need any of the other ones. .

Please copy and paste the exact error you get. It is very hard to figure out what goes on when you paste approximations of the error messages.

Hi Thanks for reply!
this is the message:

Please don't post images of text as they are hard to read, may not display correctly for everyone, and are not searchable.

Instead, paste the text and format it with </> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. This makes it more likely that your question will receive a useful answer.

It would be great if you could update your post to solve this.

Also, as I mentioned before, you don't need such a complicated role definition

Thanks for quick respond, i will try to edit it

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.