Indices:data/read/async_search/submit error

Updated to Elasticseach/Kibana 7.7.0 yesterday, updated SG and the users are running into a permission error. Everything looks ok, but they get the following error: “No permissions for indices:data/read/async_search/submit”


Everything worked perfectly prior to the upgrade. I’ve tried the following:

  • Reload the original configuration
  • Give the role all cluster and indices permissions
  • Reload stock permissions with small alterations

The problem is that the indices:data/read/async_search/submit permission doesn’t exist.

Elasticsearch 7.7.0
Windows 2019
Kibana 7.7.0

Any input on how to troubleshoot this?

When does this permission error occur? Async search has been introduced with 7.7.0, are you actively using it?

Nope, not using it, unless Kibana is. Users experience it right after logging in and rendering the aDiscover page.

-------- Oprindelig besked --------

Ok, thanks for the information, we will fix that in the next v42 release scheduled for the mid-next week. Just for clarification: When you write:

“Give the role all cluster and indices permissions”

Do you mean that you tried to assign the full set of permissions (like, “*”) for all indices to the Kibana user role? And Kibana still showed the exception in the screenshot? Can you please add the role definition for the Kibana users you tried?

Excellent. Regarding permission I didn’t use a wildcard. Just tried to assign All of then via the Kibana plugin. And that particular permission is not present in the type-ahead box for some reason.

-------- Oprindelig besked --------

Ok, thanks. We identified the problem already and are working on a fix, ETA early next week. Sorry for the inconvenience!

Excellent - and no worries. That’s what pre-production environments are for :wink:

We have released v42 of the Kibana plugin which contains a fix, can you please try?
(Latest Releases | Security for Elasticsearch | Search Guard)

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.