Grant permissions to manage Signals

Kosmonafft · October 4, 2021, 2:18pm

Hi folks,

I am trying to create a role which should be able to manage signals (read, create new and update existing).

While I manage it to grant the test user assigned to role a view on existing signals each time when I try to open an existing signal I have following error pop up:

{
  "statusCode": 403,
  "error": "Forbidden",
  "message": "security_exception",
  "attributes": {
    "body": {
      "error": {
        "root_cause": [
          {
            "type": "security_exception",
            "reason": "no permissions for [indices:admin/aliases/get] and User testuser <basic/internal>"
          }
        ],
        "type": "security_exception",
        "reason": "no permissions for [indices:admin/aliases/get] and User testuser <basic/internal>"
      },
      "status": 403
    }
  }
}

In dev Tools of my browser (network) I see that following call to following endpoint fails with 403:

https://kibana.url/api/searchguard-signals/_aliases

This is my role:

{
  "description": "",
  "cluster_permissions": [
    "SGS_CLUSTER_COMPOSITE_OPS"
  ],
  "index_permissions": [
    {
      "allowed_actions": [
        "indices:admin/aliases/get"
      ],
      "index_patterns": [
        ".*",
        "searchguard*",
        "signal*"
      ],
      "fls": [],
      "masked_fields": []
    }
  ],
  "tenant_permissions": [
    {
      "allowed_actions": [
        "SGS_SIGNALS_WATCH_MANAGE"
      ],
      "tenant_patterns": [
        "*",
        "SGS_GLOBAL_TENANT"
      ]
    }
  ],
  "exclude_cluster_permissions": [],
  "exclude_index_permissions": []
}

What am I missing?

Kosmonafft · October 4, 2021, 2:24pm

I have updated my role as follows:

{
  "description": "",
  "cluster_permissions": [
    "SGS_CLUSTER_COMPOSITE_OPS",
    "SGS_CREATE_MANAGE_OWN_AUTH_TOKEN",
    "SGS_SIGNALS_ACCOUNT_READ"
  ],
  "index_permissions": [
    {
      "allowed_actions": [
        "indices:admin/aliases/get"
      ],
      "index_patterns": [
        "*",
        ".*",
        "searchguard*",
        "signal*"
      ],
      "fls": [],
      "masked_fields": []
    }
  ],
  "tenant_permissions": [
    {
      "allowed_actions": [
        "SGS_SIGNALS_WATCH_MANAGE"
      ],
      "tenant_patterns": [
        "*",
        "SGS_GLOBAL_TENANT"
      ]
    }
  ],
  "exclude_cluster_permissions": [],
  "exclude_index_permissions": []
}

After granting acess to all indices (*) I have no errors anymore. Question is now: To which exact index pattern I need to grant access to so my testuser is able to create and update signals?

Thanks

sirHusky · October 4, 2021, 4:28pm

@Kosmonafft This seems to have been already answered in great details here

Hope this helps

Kosmonafft · October 5, 2021, 3:19pm

Thanks. Didn’t saw it somehow during my search

system · October 26, 2021, 3:19pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Search Guard Signals UI Permissions Search Guard	9	667	November 17, 2020
Limit Access to Sarch Guard Signals Search Guard	4	394	August 25, 2021
Permissions issue for tenant X Search Guard	12	456	April 25, 2022
Kibana 7.16.2 - permissions for Stack Management Search Guard	2	403	March 4, 2022
No permissions for [indices:admin/mapping/auto_put] Search Guard	14	791	May 11, 2023

Grant permissions to manage Signals

Related Topics