Starter Question

Hello All,

I’m having a terrible time setting up Search Guard. I’ve been working with Elasticsearch for quite some time and I’m very familiar with it, however when setting up Search Guard it seems unnecessarily difficult. I have Search Guard version 6.3 installed on an Elasticsearch cluster, also version 6.3. Everything seems to be communicating fine. I’m not using the default certs or credentials. Currently I’m able to access Kibana with limited access and Logstash is able to send data. I made a new user and assigned it the ‘admin’ backend role. However, the new user can’t see everything and can’t make any admin changes. I’m simply trying to create a user that can manage and view the cluster and indices. I’ve read and re-read the documentation and it isn’t making sense to me. What I’ve set up should be working…

My question is: is there a simple guide to creating users and roles? Maybe some tips and pointers? I’m sure I’m just not understanding the documentation correctly, but there doesn’t seem to be any other information other than the documentation. No setup YouTube vids or third-party guides. Now that my Elastic Stack is working with all certs configured, I’d just like to be able to log in and access my data. Currently I can’t. I’d like to set up a role with ‘God mode’ access so I can figure out what’s going on.

Thanks to anyone who can help!

Cheers!

Follow Up:

I think the problem is that the default users have no permissions. So I can’t create a user that has permissions… Also, the default roles and action groups are “RESERVED” and can’t be changed?? That’s not very helpful. I’m stuck and I’d love to get this resolved. Any help would be greatly appreciated.

Thanks.

···

On Monday, August 27, 2018 at 4:32:48 PM UTC-6, casp...@gmail.com wrote:

Hi,

You said that "What I’ve set up should be working…", so it seems to me you already tried to set up some users and roles, right? If so, can you please post your configuration so we can have a look at it?

As to your question, the first thing you should read is the “Main Concepts” chapter here:

https://docs.search-guard.com/latest/main-concepts

so that you understand the general request flow and how we use the role mapping to assign roles to users.

If you just want to use the internal user database, then the steps should be quite simple:

  1. Add users to internal_users.yml: https://docs.search-guard.com/latest/internal-users-database

  2. Set up one or more roles in sg_roles.yml: https://docs.search-guard.com/latest/roles-permissions

  3. Map users to roles in sg_roles_mapping.yml: https://docs.search-guard.com/latest/mapping-users-roles

After that, apply the configuration changes by using sgadmin.sh. That should do the trick.

Regarding authentication and authorization, the easiest way to start is with HTTP Basic Authentication and the internal user database, as described here: https://docs.search-guard.com/latest/internal-users-database

If you are not sure whether the setup is correct, you can always use the authinfo endpoint, which prints out information about the logged in user:

https://<host>:<port>/_searchguard/authinfo?pretty

This is helpful when debugging permission problems.

Since you had a hard time with the docs, may I ask what we can do to improve them? What was it that you found confusing? Did you try to use the search to find answers to your issues? Since we work with this stuff day in and day out, it is sometimes hard for us to see where users struggle, so any input here regarding improvements is highly appreciated.
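
The three-step setup described in the reply above, as an added worked example. This is not code from the thread, from the Search Guard documentation or from the Search Guard project; it writes the three sgconfig files in the Search Guard 6 layout, checks that the mapping points at a role that exists, and shows the sgadmin.sh and authinfo commands that apply and verify the result. Assumptions that are not in the thread: the user is named ops_admin, the Search Guard role is named sg_ops_full_access, ES_HOME is /usr/share/elasticsearch, and the admin certificate files are kirk.pem, kirk-key.pem and root-ca.pem in $ES_HOME/config (the demo names; substitute your own).

```shell
#!/usr/bin/env bash
# Added example (not from the thread or from Search Guard). Writes the three
# sgconfig files the reply lists, in Search Guard 6 layout, and shows the
# sgadmin.sh / authinfo commands that apply and verify them.
# Assumed names, not taken from the thread: user "ops_admin", role
# "sg_ops_full_access", ES_HOME=/usr/share/elasticsearch, admin certificate
# files kirk.pem / kirk-key.pem / root-ca.pem under $ES_HOME/config.
set -eu

# Write sg_internal_users.yml, sg_roles.yml and sg_roles_mapping.yml into $1.
# $2 is the bcrypt hash printed by plugins/search-guard-6/tools/hash.sh -p <pw>;
# pass it in single quotes, because it contains '$' characters.
write_sg_config() {
  local dir="$1" pw_hash="$2"
  mkdir -p "$dir"

  # 1. The user. "roles" here are *backend* roles: plain labels attached to
  #    the user. A backend role grants nothing by itself, which is why a user
  #    with backend role "admin" and no mapping still sees nothing.
  cat > "$dir/sg_internal_users.yml" <<EOF
ops_admin:
  hash: $pw_hash
  roles:
    - admin
EOF

  # 2. The Search Guard role that carries the permissions. UNLIMITED on every
  #    index and type is the "God mode" the question asks for; narrow it once
  #    the cluster is reachable.
  cat > "$dir/sg_roles.yml" <<'EOF'
sg_ops_full_access:
  cluster:
    - UNLIMITED
  indices:
    '*':
      '*':
        - UNLIMITED
EOF

  # 3. The mapping that ties them together. Either match alone is enough; both
  #    are shown so that any other user given the "admin" backend role
  #    inherits the same Search Guard role.
  cat > "$dir/sg_roles_mapping.yml" <<'EOF'
sg_ops_full_access:
  backendroles:
    - admin
  users:
    - ops_admin
EOF
}

# Consistency check before uploading: every Search Guard role named at the top
# level of sg_roles_mapping.yml must be defined in sg_roles.yml. Prints each
# dangling name on stderr and returns 1 if there is any.
check_mapping_targets() {
  local dir="$1" rc=0 role
  for role in $(grep -E '^[A-Za-z0-9_]+:' "$dir/sg_roles_mapping.yml" | tr -d ':'); do
    grep -qE "^${role}:" "$dir/sg_roles.yml" \
      || { echo "sg_roles_mapping.yml -> undefined role: $role" >&2; rc=1; }
  done
  return "$rc"
}

# Upload with sgadmin.sh over the transport port, authenticating with the
# admin certificate. -icl ignores the cluster name, -nhnv skips hostname
# verification of the node certificate.
apply_sg_config() {
  local dir="$1" es_home="${ES_HOME:-/usr/share/elasticsearch}"
  "$es_home/plugins/search-guard-6/tools/sgadmin.sh" -cd "$dir" -icl -nhnv \
    -cacert "$es_home/config/root-ca.pem" \
    -cert   "$es_home/config/kirk.pem" \
    -key    "$es_home/config/kirk-key.pem"
}

# Ask Search Guard what it makes of the user. "backend_roles" should list
# "admin" and "sg_roles" should list sg_ops_full_access; backend roles present
# but an empty sg_roles list means step 3 is what is missing.
show_authinfo() {
  curl -sk -u "ops_admin:$1" "https://localhost:9200/_searchguard/authinfo?pretty"
}

# Offline demo: stage the files in a scratch directory and check them.
# Replace PLACEHOLDER_HASH with the hash.sh output before applying.
demo_dir="$(mktemp -d)"
write_sg_config "$demo_dir" 'PLACEHOLDER_HASH'
check_mapping_targets "$demo_dir" && echo "sgconfig staged in $demo_dir"
# apply_sg_config "$demo_dir"     # run on the Elasticsearch node
# show_authinfo 'the-password'    # then confirm sg_roles contains sg_ops_full_access
```

Two practical notes. sgadmin.sh -cd uploads a whole configuration directory, so either write these three files into the plugin's sgconfig directory next to the shipped sg_config.yml and sg_action_groups.yml, or copy those two files into the scratch directory before running apply_sg_config. And the authinfo output is the quickest way to tell the two failure modes apart: if backend_roles is populated but sg_roles is empty, authentication worked and only the role mapping is missing, which matches the symptom in the question.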

···

On Monday, August 27, 2018 at 7:16:16 PM UTC-4, casperhxr@gmail.com wrote: