Querying missing index causes security exception

We use grafana and in some cases users get a security exception no permissions when at least one of the requested indices does not exist, e.g. when there’s a one day gap when requesting a week.

How can we avoid that?

Do you know what the underlying query looks like? Is it a wildcard query, or simply a query with, say, 3 indices where one does not exist?

And what is the setting of the following property in sg_config:

searchguard:
  dynamic:
    kibana:
      do_not_fail_on_forbidden: true|false

For Kibana (and Grafana for that matter) it should be set to true:

Hi Jochen,

I tried that setting, wondering why it was in the kibana section: will it only affect the kibana user? Anyway, it didn’t help solving my issue which involves queries against multiple explicitly requested indices like foo-2019.06.14,foo-2019.06.15,foo-2019.06.16 when the middle one is missing for instance.