Errors with accessing the kibana

I have changed the config file sg_roles.yml

sg_apache_tomcat:

indices:

‘apache-tomcat-*’:

‘*’:

- ALL

and the sg_roles_mapping.yml:

sg_apache_tomcat:

users:

• kirk

and in the kibana.yml, i added the entries

elasticsearch.username: “kibanaserver”

elasticsearch.password: “kibanaserver”

And with the command curl -XGET -u kirk:kirk “http://192.25.97.128:9200/apache-*?pretty” , i can get what i want.

But when i access the kibana with the “kirk”, i got the errors as follow:

               Courier Fetch Error: unhandled courier request error: unknown error

    Error: unhandled courier request error: unknown error
at handleError ([http://192.25.97.128:5601/bundles/kibana.bundle.js?v=9732:78871:23](http://192.25.97.128:5601/bundles/kibana.bundle.js?v=9732:78871:23)    )
at DocRequest.AbstractReqProvider.AbstractReq.handleFailure ([http://192.25.97.128:5601/bundles/kibana.bundle.js?v=9732:78791:15](http://192.25.97.128:5601/bundles/kibana.bundle.js?v=9732:78791:15)    )
at [http://192.25.97.128:5601/bundles/kibana.bundle.js?v=9732:78685:18](http://192.25.97.128:5601/bundles/kibana.bundle.js?v=9732:78685:18)
    at Array.forEach (native)
at [http://192.25.97.128:5601/bundles/kibana.bundle.js?v=9732:78683:19](http://192.25.97.128:5601/bundles/kibana.bundle.js?v=9732:78683:19)
    at processQueue ([http://192.25.97.128:5601/bundles/commons.bundle.js?v=9732:42357:29](http://192.25.97.128:5601/bundles/commons.bundle.js?v=9732:42357:29)    )
at [http://192.25.97.128:5601/bundles/commons.bundle.js?v=9732:42373:28](http://192.25.97.128:5601/bundles/commons.bundle.js?v=9732:42373:28)
    at Scope.$eval ([http://192.25.97.128:5601/bundles/commons.bundle.js?v=9732:43601:29](http://192.25.97.128:5601/bundles/commons.bundle.js?v=9732:43601:29)    )
at Scope.$digest ([http://192.25.97.128:5601/bundles/commons.bundle.js?v=9732:43412:32](http://192.25.97.128:5601/bundles/commons.bundle.js?v=9732:43412:32)    )
at Scope.$apply ([http://192.25.97.128:5601/bundles/commons.bundle.js?v=9732:43709:25](http://192.25.97.128:5601/bundles/commons.bundle.js?v=9732:43709:25))

What’t more, i can access the kibana with the “admin”.

Can you tell me where did i miss?

the elasticsearch debug is here:

_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to {}

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved aliases and indices: [.kibana]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved types: [config]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles: [sg_kibana4_server, sg_public]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana4_server

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana: [.kibana]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana, will check now types [*]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolvedActions for ?kibana/: [indices:]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana/: [indices:]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] remaining requested aliases and indices:

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] remaining requested resolved types:

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for ‘sg_kibana4_server’, evaluate other roles for fls/dls purposes

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] sg_role sg_public is empty

Who can help me solve the problem？ Thanks！

does this work?

sg_apache_tomcat:
  cluster:
      - cluster:monitor/nodes/info
      - cluster:monitor/health
  indices:
    'apache-tomcat-*':
      '*':
        - ALL
    '?kibana':
      '*':
        - READ
        - indices:admin/mappings/fields/get*
        - indices:admin/validate/query*
        - indices:admin/get*
        - indices:admin/exists*
        - indices:admin/mappings/fields/get*
        - indices:admin/refresh*
        - indices:admin/validate/query*
        - indices:data/read/get*
        - indices:data/read/mget*
        - indices:data/read/search*

Sorry, I added these to the role, it still not work. The errors is

“no permissions for indices:data/read/field_stats”

then i added the " indices:data/read/field_stats" behind the “?kibana”

it still not work.

Is there something wrong?

在 2016年6月18日星期六 UTC+8上午3:08:02，SG写道：

I met the same problem , if you add the “indices:data/read/field_stats” , it will notice “indieces:data/read/mget”
the config should like this:

sg_apache_tomcat:
cluster:
- cluster:monitor/nodes/info
- cluster:monitor/health
indices:
‘apache-tomcat-':
'’:
- ALL

‘?kibana’:
'':
- READ
- indices:admin/mappings/fields/get
- indices:admin/validate/query*
- indices:admin/get*
- indices:admin/exists*
- indices:admin/mappings/fields/get*
- indices:admin/refresh*
- indices:admin/validate/query*
- indices:data/read/get*
- indices:data/read/mget*
- indices:data/read/search*

‘*’:

‘*’:

• indices:data/read/field_stats

在 2016年6月20日星期一 UTC+8上午9:24:14，Wei Hong写道：