Index-level perm match _all

Hi,

I’m using Searchguard with X-Pack monitoring (basic license) on an ELK stack 5.4.0.
I followed all the instructions at: https://github.com/floragunncom/search-guard-docs/blob/master/monitoring.md

But I keep seeing these in my elasticsearch logs.
[2017-07-05T11:44:49,373][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for User [name=kibanaserver, roles=] [IndexType [index=_all, type=esqueue]] [Action [indices:data/read/search]] [RolesChecked [sg_kibana_server, sg_own_index, sg_public]]
[2017-07-05T11:44:49,375][INFO ][c.f.s.c.PrivilegesEvaluator] No permissions for {sg_public=[IndexType [index=_all, type=esqueue]], sg_own_index=[IndexType [index=_all, type=esqueue]], sg_kibana_server=[IndexType [index=_all, type=esqueue]]}

Does anybody have an idea on how to solve this?

Thanks.

Which version of Search Guard are you using? We noticed a glitch in the documentation regarding the role and permission definition, the published one will not work with Search Guard v12 and below out of the box. We’re updating this part at the moment, and should be able to provide you with a corrected version soon.

In the meantime, could you please try this role definition:

sg_monitor:
  cluster:
    - cluster:admin/mappings/get
    - cluster:admin/ingest/pipeline/put
    - cluster:admin/ingest/pipeline/get
    - cluster:admin/xpack/monitoring/bulk
    - indices:admin/template/get
    - indices:admin/template/put
    - indices:admin/get
    - cluster:monitor/nodes/info
    - cluster:monitor/health
    - cluster:monitor/main
    - cluster:monitor/xpack/info
    - indices:data/write/bulk
  indices:
    '*':
      '*':
        - indices:admin/get
    '?monitoring*':
      '*':
        - '*'
    '?marvel*':
      '*':
        - '*'

(from: Redirecting to Google Groups)

Thanks and sorry for the inconvenience!

On Wednesday, July 5, 2017 at 11:47:22 AM UTC+2, pubox.ag@gmail.com wrote:

Hi,

I’m using Searchguard with X-Pack monitoring (basic license) on an ELK stack 5.4.0.
I followed all the instructions at: https://github.com/floragunncom/search-guard-docs/blob/master/monitoring.md

But I keep seeing these in my elasticsearch logs.
[2017-07-05T11:44:49,373][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for User [name=kibanaserver, roles=] [IndexType [index=_all, type=esqueue]] [Action [indices:data/read/search]] [RolesChecked [sg_kibana_server, sg_own_index, sg_public]]
[2017-07-05T11:44:49,375][INFO ][c.f.s.c.PrivilegesEvaluator] No permissions for {sg_public=[IndexType [index=_all, type=esqueue]], sg_own_index=[IndexType [index=_all, type=esqueue]], sg_kibana_server=[IndexType [index=_all, type=esqueue]]}

Does anybody have an idea on how to solve this?

Thanks.
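
Added example (not part of the original thread and not Search Guard's own code): a small Python parser for the PrivilegesEvaluator denial lines quoted above. It groups them by user, action, index and type, so each distinct missing permission appears once, together with the roles that were checked. The regular expression is derived only from the log lines shown in this thread, and the sample lines marked as constructed are assumptions.

```python
import re
from collections import Counter

# Pattern derived from the "No index-level perm match" lines quoted in this thread.
DENY_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[\w+\s*\]\[[^\]]+\]\s+No index-level perm match for "
    r"User \[name=(?P<user>[^,\]]+), roles=(?P<backend_roles>.*?)\]\s+"
    r"\[IndexType \[index=(?P<index>[^,\]]+), type=(?P<type>[^\]]+)\]\]\s+"
    r"\[Action \[(?P<action>[^\]]+)\]\]\s+"
    r"\[RolesChecked \[(?P<roles>[^\]]*)\]\]"
)

# Sample input: the first line is from the thread; the rest are constructed for this example.
SAMPLE = [
    "[2017-07-05T11:44:49,373][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for User [name=kibanaserver, roles=] [IndexType [index=_all, type=esqueue]] [Action [indices:data/read/search]] [RolesChecked [sg_kibana_server, sg_own_index, sg_public]]",
    "[2017-07-05T11:44:54,402][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for User [name=kibanaserver, roles=] [IndexType [index=_all, type=esqueue]] [Action [indices:data/read/search]] [RolesChecked [sg_kibana_server, sg_own_index, sg_public]]",
    "[2017-07-05T11:44:54,404][INFO ][c.f.s.c.PrivilegesEvaluator] No permissions for {sg_public=[IndexType [index=_all, type=esqueue]]}",
    "[2017-07-05T11:45:10,101][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for User [name=example_user, roles=] [IndexType [index=example-index, type=doc]] [Action [indices:data/write/index]] [RolesChecked [sg_public]]",
]

def parse_denial(line):
    """Return the fields of one denial line, or None if the line is not a denial."""
    m = DENY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["roles"] = [r.strip() for r in d["roles"].split(",") if r.strip()]
    return d

def summarize(lines):
    """Collapse repeated denials into one entry per (user, action, index, type)."""
    counts, roles_seen = Counter(), {}
    for line in lines:
        d = parse_denial(line)
        if d is None:
            continue  # e.g. the follow-up "No permissions for {...}" line
        key = (d["user"], d["action"], d["index"], d["type"])
        counts[key] += 1
        roles_seen.setdefault(key, set()).update(d["roles"])
    return [
        {"user": k[0], "action": k[1], "index": k[2], "type": k[3],
         "count": n, "roles_checked": sorted(roles_seen[k])}
        for k, n in counts.most_common()
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Each summary row names the action and index pattern that none of the checked roles granted, which is the starting point for deciding which role definition to adjust.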