https://localhost:9200/_searchguard/api/internalusers
{
“logstash”: {
“hash”: “”,
“roles”: [
“logstash”
]
},
“snapshotrestore”: {
“hash”: “”,
“roles”: [
“snapshotrestore”
]
},
“formcept”: {
“hash”: “”,
“roles”: [
“sg_mecbot_pankaj1”
]
},
“admin”: {
“attributes”: {
“attribute1”: “value1”,
“attribute3”: “value3”,
“attribute2”: “value2”
},
“readonly”: “true”,
“hash”: “”,
“roles”: [
“admin”
]
},
“suresh”: {
“hash”: “”,
“roles”: [
“sg_own_index”,
“sg_kibana_user”
]
},
“pankaj1”: {
“hash”: “”,
“roles”: [
“sg_own_index”,
“sg_kibana_user”
]
},
“kibanaserver”: {
“readonly”: “true”,
“hash”: “”
},
“kibanaro”: {
“hash”: “”,
“roles”: [
“kibanauser”,
“readall”
]
},
“readall”: {
“hash”: “”,
“roles”: [
“readall”
]
}
}
For user pankaj1 authinfo
{
“user”: “User [name=pankaj1, roles=[sg_own_index, sg_kibana_user], requestedTenant=null]”,
“user_name”: “pankaj1”,
“user_requested_tenant”: null,
“remote_address”: “[::1]:49750”,
“backend_roles”: [
“sg_own_index”,
“sg_kibana_user”
],
“custom_attribute_names”: ,
“sg_roles”: [
“sg_own_index”
],
“sg_tenants”: {
“pankaj1”: true
},
“principal”: null,
“peer_certificates”: “0”,
“sso_logout_url”: null
}
For user suresh authinfo
{
“user”: “User [name=suresh, roles=[sg_own_index, sg_kibana_user], requestedTenant=null]”,
“user_name”: “suresh”,
“user_requested_tenant”: null,
“remote_address”: “[::1]:49750”,
“backend_roles”: [
“sg_own_index”,
“sg_kibana_user”
],
“custom_attribute_names”: ,
“sg_roles”: [
“sg_own_index”
],
“sg_tenants”: {
“suresh”: true
},
“principal”: null,
“peer_certificates”: “0”,
“sso_logout_url”: null
}
Given the above configs when i login as suresh I can’t create visualization or dashboard while everything is fine with pankaj1 login. Infact, any other user I create with same role config I am not able to create visualization or dashboard.
Note - pankaj1 was the first user i created.
This is extremely critical for us because we are very near to releasing the product.
Thanks
···
On Wednesday, November 28, 2018 at 4:22:56 PM UTC+5:30, Jochen Kressin wrote:
This usually means that the user does not have the required privileges to use Kibana.
Can you check that your users are actually assigned to the s_kibana_user role? For that, visit the SG authinfo endpoint:
https://sgssl-0.example.com:9200/_searchguard/authinfo
And in the JSON please check the sg_roles, it has to contain the sg_kibnana_user role.
On Tuesday, November 27, 2018 at 11:37:17 AM UTC+1, pankaj chand wrote:
Hi,
I created a user with roles sg_own_index and sg_kibana_user. But when I log in with that user the left side menu links for visualization, dashboard, Management are inactive ( ie if i click on these links I see nothing just blank whitespace no options to create dashboard or visualization or index patern…just an empty screen).
I have attached a file showing roles for user ‘Suresh’. Infact, funny part is that it is working for only one user ‘pankaj1’, if I create user with any other name it is not showing any thing. I have index created by name pankaj1, pankaj2, pankaj3 etc. But if i create users pankaj2, pankaj3 with same sg_own_index and sg_kibana_user permission, I don’t see any thing in visualization and other links.
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version - SG - 6.4.2-23.2 - ES 6.4.2
- Installed and used enterprise modules, if any
- JVM version and operating system version
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
Regards
Pankaj