How to setup a new readall user

Search Guard
1

Hello,

the needed info:

Versions: Elasticsearch & Kibana in 6.3.2 , Search Guard in 6.2.3-22.0

Modules: None

Java: 1.8.0.0_161

OS: CentOs 7.4.1708

Plugins: just searchguard for elasticsearch and kibana

I’m trying to set up new users that have read access to every index, just like “readall” from the demo. Right now I have a user with 3 roles assigned to it:

:

username: k.just

hash: $2y$12$2r7l2vN2rf3ghAVwrqGvy.jkY4Q1mGOFGhXxV8IYiScv3vxS5GK/m

roles:

- readall

- kibanauser

- ti_read

``

the roles are:

  • readall, as it is defined through the demo

  • kibanauser, since it is recommended in the search guard docs

  • ti_read, a role defined by myself, that has exactly the same “rights” like readall(the ti_read info is attached at the end)

I updated the configuration with sgadmin, as one is supposed to do and gave it a try. What I’m observing now is that if I’m logging in with readall, I’m able to see/“read” every index without a problem. If I’m doing the login with k.just (my new test user) I’m not able to see anything, as an example you can see here the discover site:

I also tried to give “k.just” just the readall role, it never worked like I supposed. What I’m expecting is, that I would be able to see/“read” everything just like “readall”. My Questions:

  • Am I doing anything wrong?

  • Did I understand anything in the wrong way?

  • Is there something missing?

  • And if one of these things or anything that I didn’t consider since yet is true, could you please guide me in the right direction?

Regards,
Kevin

ti_read info, role mapping:

sg_ti_read:

``

readonly: true

backendroles:

  • ti_read

``

role:

sg_ti_read:
readonly: true

cluster:

  • CLUSTER_COMPOSITE_OPS_RO

indices:

‘*’:

‘*’:

  • READ

``

2

posted this topic a second time with a better describing headline.

···

Am Mittwoch, 23. Mai 2018 11:00:45 UTC+2 schrieb Kevin Just:

Hello,

the needed info:

Versions: Elasticsearch & Kibana in 6.3.2 , Search Guard in 6.2.3-22.0

Modules: None

Java: 1.8.0.0_161

OS: CentOs 7.4.1708

Plugins: just searchguard for elasticsearch and kibana

I’m trying to set up new users that have read access to every index, just like “readall” from the demo. Right now I have a user with 3 roles assigned to it:

:

username: k.just

hash: $2y$12$2r7l2vN2rf3ghAVwrqGvy.jkY4Q1mGOFGhXxV8IYiScv3vxS5GK/m

roles:

- readall

- kibanauser

- ti_read

``

the roles are:

  • readall, as it is defined through the demo
  • kibanauser, since it is recommended in the search guard docs
  • ti_read, a role defined by myself, that has exactly the same “rights” like readall(the ti_read info is attached at the end)

I updated the configuration with sgadmin, as one is supposed to do and gave it a try. What I’m observing now is that if I’m logging in with readall, I’m able to see/“read” every index without a problem. If I’m doing the login with k.just (my new test user) I’m not able to see anything, as an example you can see here the discover site:

I also tried to give “k.just” just the readall role, it never worked like I supposed. What I’m expecting is, that I would be able to see/“read” everything just like “readall”. My Questions:

  • Am I doing anything wrong?
  • Did I understand anything in the wrong way?
  • Is there something missing?
  • And if one of these things or anything that I didn’t consider since yet is true, could you please guide me in the right direction?

Regards,
Kevin

ti_read info, role mapping:

sg_ti_read:

``

readonly: true

backendroles:

  • ti_read

``

role:

sg_ti_read:
readonly: true

cluster:

  • CLUSTER_COMPOSITE_OPS_RO

indices:

‘*’:

‘*’:

  • READ

``