Hello,
the needed info:
Versions: Elasticsearch & Kibana in 6.3.2 , Search Guard in 6.2.3-22.0
Modules: None
Java: 1.8.0.0_161
OS: CentOs 7.4.1708
Plugins: just searchguard for elasticsearch and kibana
I’m trying to set up new users that have read access to every index, just like “readall” from the demo. Right now I have a user with 3 roles assigned to it:
:
username: k.just
hash: $2y$12$2r7l2vN2rf3ghAVwrqGvy.jkY4Q1mGOFGhXxV8IYiScv3vxS5GK/m
roles:
- readall
- kibanauser
- ti_read
``
the roles are:
-
readall, as it is defined through the demo
-
kibanauser, since it is recommended in the search guard docs
-
ti_read, a role defined by myself, that has exactly the same “rights” like readall(the ti_read info is attached at the end)
I updated the configuration with sgadmin, as one is supposed to do and gave it a try. What I’m observing now is that if I’m logging in with readall, I’m able to see/“read” every index without a problem. If I’m doing the login with k.just (my new test user) I’m not able to see anything, as an example you can see here the discover site:
I also tried to give “k.just” just the readall role, it never worked like I supposed. What I’m expecting is, that I would be able to see/“read” everything just like “readall”. My Questions:
-
Am I doing anything wrong?
-
Did I understand anything in the wrong way?
-
Is there something missing?
-
And if one of these things or anything that I didn’t consider since yet is true, could you please guide me in the right direction?
Regards,
Kevin
ti_read info, role mapping:
sg_ti_read:
``
readonly: true
backendroles:
- ti_read
``
role:
sg_ti_read:
readonly: true
cluster:
- CLUSTER_COMPOSITE_OPS_RO
indices:
‘*’:
‘*’:
- READ
``