A user with no write permission on .kibana index can create source filter

• Search Guard and Elasticsearch version: 5.4.2, 5.4.2

• Installed and used enterprise modules, if any: none

• JVM version and operating system version : java 8 and windows 10

I have created a user in sg_internal_users.yml and it does not have write permission on .kibana index. We know visualizations, indices and advanced settings are stored in .kibana index, knowing this that user should not be able to add source filter in management->index pattern->source filter tab of kibana, but at present it allows user to add filter at the same time it displays error message that “user don’t have write permission”.

** in sg_internal_users.yml**

Developer:

hash: $2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv…TOG

#password is: admin

in sg_roles.yml

sg_samreen_custom:

cluster:

-UNLIMITED

indices:

‘samreen’:

‘*’:

• READ_ONLY

‘?kibana’:

‘*’:

• READ

in sg_roles_mapping.yml

sg_samreen_custom:

users:

• Developer

kindly tell the solution.

sg_config.yml (9.01 KB)

When you say: "but at present it allows user to add filter at the same time it displays error message that “user don’t have write permission”:

I guess you mean that the user sees indices in the dropdown, even indices the user has no permission for. And the user also just has write permissions for the Kibana index. When the user then tries to add an index pattern a security exception is raised, and the index pattern is not created. Is this correct?

At the moment I’m afraid there is no real fix for this. We are working on improving it in SG6, but at the moment there is no real workaround.