Hi,
I have a user which only has access to read logs with the “alluser” role. However, i need that user to be able to save searches and export the search as a .csv as well. Which additional privileges does this require?
And is there a quick fix for this? Like adding a role to the user or something?
Is it the “MANAGE” role that needs to be added to the user?
It would be helpful to get an answer pretty quickly since we don’t have a lot of time on our hands. Sorry about the nagging.
When you say “save searches and export the search as a .csv as well” you are referring to Kibana I guess. You do not need any special permissions for that.
Only requirement is that all Kibana users must be mapped to the SGS_KIBANA_USER (for ES7) / sg_kibana_user (for ES6) role:
Exactly. Okay i did not know that.
sg_internal_users.yml file looks like this:
user:
hash: $2y$12$/iW1WBA0rFsgDFj0WR2HA.lw9gPasdasdasd2RVUTKR9lWkWFvtTray
roles:
- readall
Do i just add sg_kibana_user to the roles? Or do i add the kibanauser role to the user?
sg_kibana_user is the Search Guard role. You need to add the kibanauser backend role to the user.
The default mapping is:
Backend role: kibanauser
Mapped to Search Guard role: sg_kibana_user
I added the role “kibanauser” to the user and applied the change. However, the user still cannot export CSV reports. It complained about not having the required permissions about “indices:data/read/scroll/clear”.
Can you please post the elasticsearch log files when this happens?
If your user is correctly mapped to the sg_readall role, then this should not happen since the permissions for this role includes indices:data/read*.
Also, can you please visit the authinfo endpoint which also contains useful output for debugging. This is described here:
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.