this is the second time I’m posting this topic, I think the Headline of the original post was misleading.
The needed info:
Versions: Elasticsearch & Kibana in 6.3.2 , Search Guard in 6.2.3-22.0
OS: CentOs 7.4.1708
Plugins: just searchguard for elasticsearch and kibana
I’m trying to set up new users that have read access to every index, just like “readall” from the demo. Right now I have a user with 3 roles assigned to it:
the roles are:
readall, as it is defined through the demo
kibanauser, since it is recommended in the search guard docs
ti_read, a role defined by myself, that has exactly the same “rights” like readall(the ti_read info is attached at the end)
I updated the configuration with sgadmin, as one is supposed to do and gave it a try. What I’m observing now is that if I’m logging in with readall, I’m able to see/“read” every index without a problem. If I’m doing the login with k.just (my new test user) I’m not able to see anything, as an example you can see here the discover site:
I also tried to give “k.just” just the readall role, it never worked like I supposed. What I’m expecting is, that I would be able to see/“read” everything just like “readall”. My Questions:
Am I doing anything wrong?
Did I understand anything in the wrong way?
Is there something missing?
And if one of these things or anything that I didn’t consider since yet is true, could you please guide me in the right direction?
ti_read info, role mapping: