What is the optimal configuration (sg_roles.yml) to work with Search Guard + Elasticsearch

Hi,
I am getting lots of issues like the one below. What is the minimal config (sg_roles.yml) with which Kibana will function properly, and are there any guides?

indices:data/read/field_stats

```
Error: [security_exception] no permissions for indices:data/read/field_stats
    at respond (http://elk.globalreach.dev/bundles/kibana.bundle.js?v=10000:78418:16)
    at checkRespForFailure (http://elk.globalreach.dev/bundles/kibana.bundle.js?v=10000:78381:8)
    at http://elk.globalreach.dev/bundles/kibana.bundle.js?v=10000:76999:8
    at processQueue (http://elk.globalreach.dev/bundles/commons.bundle.js?v=10000:42404:29)
    at http://elk.globalreach.dev/bundles/commons.bundle.js?v=10000:42420:28
    at Scope.$eval (http://elk.globalreach.dev/bundles/commons.bundle.js?v=10000:43648:29)
    at Scope.$digest (http://elk.globalreach.dev/bundles/commons.bundle.js?v=10000:43459:32)
    at Scope.$apply (http://elk.globalreach.dev/bundles/commons.bundle.js?v=10000:43756:25)
    at done (http://elk.globalreach.dev/bundles/commons.bundle.js?v=10000:38205:48)
    at completeRequest (http://elk.globalreach.dev/bundles/commons.bundle.js?v=10000:38403:8)
```

sg_action_groups.yml:

(sg_roles.yml)

```yaml
sg_kibana4_server:
  cluster:
    - cluster:monitor/nodes/info
    - cluster:monitor/health
  indices:
    '*':
      '*':
        - KIBANA_SERVER
    'filebeat-*':
      '*':
        - KIBANA_SERVER
    'logstash-*':
      '*':
        - KIBANA_SERVER
    '?kibana':
      '*':
        - KIBANA_SERVER
```

(sg_action_groups.yml)

```yaml
KIBANA_SERVER:
  - indices:admin/exists*
  - indices:admin/mapping/put*
  - indices:admin/mappings/fields/get*
  - indices:admin/refresh*
  - indices:admin/validate/query*
  - indices:data/read/get*
  - indices:data/read/mget*
  - indices:data/read/search*
  - indices:data/write/delete*
  - indices:data/write/index*
  - indices:data/write/update*
  - indices:data/read/_field_stats*
  - indices:data/read/field_stats*
  - indices:data/read/msearch*
  - indices:data/read/field_stats

KIBANA_USER:
  - indices:data/read/field_stats
  - indices:data/read/msearch*
  - indices:data/read/_field_stats*
  - indices:data/read/field_stats*
  - indices:data/read*
  - indices:admin/mappings/fields/get*
  - indices:admin/validate/query*
  - indices:admin/get*
```

Thank you in advance!

You should give the Kibana server user all permissions for the .kibana index, as in the example config files:

```yaml
sg_kibana4_server:
  cluster:
    - cluster:monitor/nodes/info
    - cluster:monitor/health
  indices:
    '?kibana':
      '*':
        - ALL
```

And then for the kibana user:

```yaml
sg_kibana4_testindex:
  indices:
    'test*':
      '*':
        - READ
        - indices:admin/mappings/fields/get*
        - indices:admin/validate/query*
        - indices:admin/get*
    '?kibana':
      '*':
        - indices:admin/exists*
        - indices:admin/mapping/put*
        - indices:admin/mappings/fields/get*
        - indices:admin/refresh*
        - indices:admin/validate/query*
        - indices:data/read/get*
        - indices:data/read/mget*
        - indices:data/read/search*
        - indices:data/write/delete*
        - indices:data/write/index*
        - indices:data/write/update*
```
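A simplified model of how the roles in this thread resolve, added here as an example (it is not part of either post and not Search Guard's own code). It expands action groups, matches index and action patterns with `*` and `?`, and reports where a role may delete documents. Assumptions: `ALL` is `indices:*` and `READ` is `indices:data/read*` (the page does not show them), document types and cluster permissions are ignored, and the role name `asker_server` and the sample index names are constructed.

```python
import re

# Constructed model of the configs on this page (document types are ignored).
# ALL and READ are assumed definitions; the page never shows them.
ACTION_GROUPS = {
    "ALL": ["indices:*"],
    "READ": ["indices:data/read*"],
    "KIBANA_SERVER": [  # from the question, duplicate entry dropped
        "indices:admin/exists*", "indices:admin/mapping/put*",
        "indices:admin/mappings/fields/get*", "indices:admin/refresh*",
        "indices:admin/validate/query*", "indices:data/read/get*",
        "indices:data/read/mget*", "indices:data/read/search*",
        "indices:data/write/delete*", "indices:data/write/index*",
        "indices:data/write/update*", "indices:data/read/_field_stats*",
        "indices:data/read/field_stats*", "indices:data/read/msearch*",
    ],
}
ROLES = {
    # Question's server role under a hypothetical name: same group on every pattern.
    "asker_server": {p: ["KIBANA_SERVER"]
                     for p in ("*", "filebeat-*", "logstash-*", "?kibana")},
    "sg_kibana4_server": {"?kibana": ["ALL"]},          # reply
    "sg_kibana4_testindex": {                            # reply
        "test*": ["READ", "indices:admin/mappings/fields/get*",
                  "indices:admin/validate/query*", "indices:admin/get*"],
        # The reply's '?kibana' list equals the first 11 KIBANA_SERVER entries.
        "?kibana": ACTION_GROUPS["KIBANA_SERVER"][:11],
    },
}

def wildcard(pattern, value):
    """Match with * (any run of characters) and ? (exactly one character)."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value) is not None

def expand(perms):
    """Replace action-group names by the action patterns they contain."""
    out = []
    for p in perms:
        out.extend(expand(ACTION_GROUPS[p]) if p in ACTION_GROUPS else [p])
    return out

def allowed(role, index, action):
    """True if some index pattern of the role matches and grants the action."""
    return any(wildcard(ip, index) and any(wildcard(a, action) for a in expand(perms))
               for ip, perms in ROLES[role].items())

def write_scope(role):
    """Index patterns on which the role may delete documents."""
    return sorted(ip for ip, perms in ROLES[role].items()
                  if any(wildcard(a, "indices:data/write/delete") for a in expand(perms)))
```

In this model `sg_kibana4_testindex` is denied `indices:data/read/field_stats` on any index that `test*` does not match, and only the question's role can delete outside `.kibana`.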

On Thursday, 11 August 2016 10:16:56 UTC+2, Alan wrote:
