I am using SearchGuard 5 with Elasticsearch and Kibana 5.
Kibana users should be able to save searches, visualizations and dashboards. According to the docs the sg_kibana role allows full access to the .kibana index.
Nevertheless when saving a new object the operation is denied with “`Dashboard: no permissions for indices:data/write/bulk: [security_exception] no permissions for indices:data/write/bulk”
`This can only be solved by adding the “indices:data/write/bulk” cluster level permission. Why is that. I don’t want my users to write to anything else than the .kibana index.