search-guard-6-6.8.4-25.5.zip
search-guard-kibana-plugin-6.8.4-18.5.zip
Install Demo per Demo Installer (Linux/Mac) | Elasticsearch Security | Search Guard
Define user `alice` in `sg_internal_users.yml`:

```yaml
alice:
  readonly: true
  hash: $2y$12$xGK4NJredact
  roles:
    - sg_kibana_user
```
The `sg_kibana_user` role is as provided by the demo installer:

```yaml
sg_kibana_user:
  readonly: true
  cluster:
    - INDICES_MONITOR
    - CLUSTER_COMPOSITE_OPS
  indices:
    '?kibana':
      '*':
        - MANAGE
        - INDEX
        - READ
        - DELETE
    '?kibana-6':
      '*':
        - MANAGE
        - INDEX
        - READ
        - DELETE
    '?kibana_*':
      '*':
        - MANAGE
        - INDEX
        - READ
        - DELETE
    '?tasks':
      '*':
        - INDICES_ALL
    '?management-beats':
      '*':
        - INDICES_ALL
    '*':
      '*':
        - indices:data/read/field_caps*
        - indices:data/read/xpack/rollup*
        - indices:admin/mappings/get*
        - indices:admin/get
```
Log in to Kibana as `alice` and all that is displayed is this:

```json
{"message":"no permissions for [indices:data/read/search] and User [name=alice, roles=[sg_kibana_user], requestedTenant=null]: [security_exception] no permissions for [indices:data/read/search] and User [name=alice, roles=[sg_kibana_user], requestedTenant=null]","statusCode":403,"error":"Forbidden"}
```
In `/var/log/elasticsearch/searchguard_demo.log` is:

```text
[2019-11-07T17:33:55,502][INFO ][c.f.s.p.PrivilegesEvaluator] [P053Uyn] No index-level perm match for User [name=alice, roles=[sg_kibana_user], requestedTenant=null] Resolved [aliases=[.kibana], indices=[], allIndices=[.kibana_1], types=[*], originalRequested=[.kibana], remoteIndices=[]] [Action [indices:data/read/search]] [RolesChecked [sg_own_index]]
[2019-11-07T17:33:55,502][INFO ][c.f.s.p.PrivilegesEvaluator] [P053Uyn] No permissions for [indices:data/read/search]
```
If I give `alice` the `admin` role then Kibana works fine. I’ve tried explicitly adding `indices:data/read/search` to the `sg_kibana_user` role but it doesn’t help. (Nor would I expect it to given what `READ` expands to.)
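
The denial line in the log above lists `roles=[sg_kibana_user]` on the user but `RolesChecked [sg_own_index]`. As an added example (not part of the original post and not Search Guard code), this Python script parses such `PrivilegesEvaluator` lines and reports any role listed on the user that is absent from the roles checked; the function names and the third, constructed log line are assumptions.

```python
import re

# Matches the "No index-level perm match" line format shown in the post's log excerpt.
DENIAL = re.compile(
    r"No index-level perm match for User \[name=(?P<user>[^,\]]+), "
    r"roles=\[(?P<user_roles>[^\]]*)\].*?"
    r"originalRequested=\[(?P<requested>[^\]]*)\].*?"
    r"\[Action \[(?P<action>[^\]]+)\]\] "
    r"\[RolesChecked \[(?P<checked>[^\]]*)\]\]"
)

def split_roles(raw):
    """Turn 'a, b' into {'a', 'b'}; an empty list yields an empty set."""
    return {r.strip() for r in raw.split(",") if r.strip()}

def find_role_mismatches(lines):
    """Return one finding per denial line, with roles on the user that were not checked."""
    findings = []
    for line in lines:
        m = DENIAL.search(line)
        if not m:
            continue  # other log lines (e.g. the summary "No permissions for ...") are skipped
        user_roles = split_roles(m["user_roles"])
        checked = split_roles(m["checked"])
        findings.append({
            "user": m["user"],
            "action": m["action"],
            "requested": m["requested"],
            "user_roles": sorted(user_roles),
            "roles_checked": sorted(checked),
            "not_checked": sorted(user_roles - checked),
        })
    return findings

SAMPLE_LOG = [
    # First two lines are copied from the post.
    "[2019-11-07T17:33:55,502][INFO ][c.f.s.p.PrivilegesEvaluator] [P053Uyn] No index-level perm match for User [name=alice, roles=[sg_kibana_user], requestedTenant=null] Resolved [aliases=[.kibana], indices=[], allIndices=[.kibana_1], types=[*], originalRequested=[.kibana], remoteIndices=[]] [Action [indices:data/read/search]] [RolesChecked [sg_own_index]]",
    "[2019-11-07T17:33:55,502][INFO ][c.f.s.p.PrivilegesEvaluator] [P053Uyn] No permissions for [indices:data/read/search]",
    # Constructed line (not from the post): every role on the user was also checked.
    "[2019-11-07T17:40:00,000][INFO ][c.f.s.p.PrivilegesEvaluator] [node-1] No index-level perm match for User [name=bob, roles=[sg_kibana_user], requestedTenant=null] Resolved [aliases=[], indices=[logs], allIndices=[logs], types=[*], originalRequested=[logs], remoteIndices=[]] [Action [indices:data/write/index]] [RolesChecked [sg_kibana_user, sg_own_index]]",
]

if __name__ == "__main__":
    for f in find_role_mismatches(SAMPLE_LOG):
        flag = "MISMATCH" if f["not_checked"] else "ok"
        print(f'{flag}: user={f["user"]} action={f["action"]} index={f["requested"]} '
              f'user_roles={f["user_roles"]} checked={f["roles_checked"]}')
```

A non-empty `not_checked` means the log shows no evaluation of a role by that name for the request, so it is worth confirming which roles the user actually resolves to before editing that role's permissions.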