Hello,
this is the second time I’m posting this topic, I think the Headline of the original post was misleading.
The needed info:
Versions: Elasticsearch & Kibana in 6.3.2 , Search Guard in 6.2.3-22.0
Modules: None
Java: 1.8.0.0_161
OS: CentOs 7.4.1708
Plugins: just searchguard for elasticsearch and kibana
I’m trying to set up new users that have read access to every index, just like “readall” from the demo. Right now I have a user with 3 roles assigned to it:
:
username: k.just
hash: $2y$12$2r7l2vN2rf3ghAVwrqGvy.jkY4Q1mGOFGhXxV8IYiScv3vxS5GK/m
roles:
-
readall
-
kibanauser
-
ti_read
``
the roles are:
-
readall, as it is defined through the demo
-
kibanauser, since it is recommended in the search guard docs
-
ti_read, a role defined by myself, that has exactly the same “rights” like readall(the ti_read info is attached at the end)
I updated the configuration with sgadmin, as one is supposed to do and gave it a try. What I’m observing now is that if I’m logging in with readall, I’m able to see/“read” every index without a problem. If I’m doing the login with k.just (my new test user) I’m not able to see anything, as an example you can see here the discover site:
I also tried to give “k.just” just the readall role, it never worked like I supposed. What I’m expecting is, that I would be able to see/“read” everything just like “readall”. My Questions:
-
Am I doing anything wrong?
-
Did I understand anything in the wrong way?
-
Is there something missing?
-
And if one of these things or anything that I didn’t consider since yet is true, could you please guide me in the right direction?
Regards,
Kevin
ti_read info, role mapping:
sg_ti_read:
readonly: true
backendroles:
- ti_read
``
role:
sg_ti_read:
readonly: true
cluster:
-CLUSTER_COMPOSITE_POS_PRO
indices:
‘':
'’:
-READ
``