SG role to a specific index pattern

#1

Hi Team, I am new to Search Guard.

I was able to configure SG with ES and Kibana, but I am getting an issue while assigning a role to a user.

The user is able to log in but is getting permission issues. Below are the logs…

Error on Browser:
{"message":"no permissions for [indices:data/read/search] and User [name=user1, roles=[SG_MY_ROLE], requestedTenant=null]: [security_exception] no permissions for [indices:data/read/search] and User [name=user1, roles=[SG_MY_ROLE], requestedTenant=null]","statusCode":403,"error":"Forbidden"}

Error in Search Guard logs:
No index-level perm match for User [name=user1, roles=[SG_MY_ROLE], requestedTenant=null] Resolved [aliases=[.kibana], indices=[], allIndices=[.kibana_1], types=[*], originalRequested=[.kibana], remoteIndices=[]] [Action [indices:data/read/search]] [RolesChecked [SG_MY_ROLE, SGS_OWN_INDEX]]

Here is my sg_roles.yml

SG_MY_ROLE:
  description: "my search guard role"
  cluster_permissions:
    - SGS_CLUSTER_ALL
    - indices:*
  index_permissions:
    - index_patterns:
        - "localdocs"
      allowed_actions:
        - SGS_INDICES_ALL
        - indices:data/read/search
        - indices:data/read/mget*
        - indices:data/read/msearch*

Here is my sg_role_mapping.yml:

SG_MY_ROLE:
  reserved: true
  users:
    - "user1"

I have googled and applied the few things below, but I am still facing the same issue…

    - indices:data/read/search
    - indices:data/read/mget*
    - indices:data/read/msearch*

But surprisingly it works when I set index_pattern to * like below…

index_permissions:
  - index_patterns:
      - "*"

But I want to apply the permission to only one index_pattern. Can someone help me with it?

Thanks in Advance.
Paramesh.

#2

From the error message it seems to me that "user1" is using Kibana. In the error message SG complains that your user does not have access to the .kibana index and/or aliases of this index:

No index-level perm match for User [name=user1, roles=[SG_MY_ROLE], requestedTenant=null] Resolved [aliases=[.kibana], indices=[], allIndices=[.kibana_1], types=[*], originalRequested=[.kibana], remoteIndices=[]] [Action [indices:data/read/search]] [RolesChecked [SG_MY_ROLE, SGS_OWN_INDEX]]

All Kibana users should be assigned to the SGS_KIBANA_USER role as well. This role grants the permissions to access Kibana and the .kibana indices.

Please map your user1 to this role as well, like:

SGS_KIBANA_USER:
  users:
    - "user1"
#4

Hi jkressin, thank you, it worked.