
I am using Elasticsearch 5.6 with the X-Pack plugin.

My Kibana user connects to Elastic with the read_only role.

```json
"read_only": {
  "cluster": [
    "monitor"
  ],
  "indices": [
    {
      "names": [ "my-index-*" ],
      "privileges": [ "read", "view_index_metadata" ]
    },
    {
      "names": [ ".kibana*" ],
      "privileges": [ "read", "view_index_metadata" ]
    }
  ]
}
```

```json
"kibana_system": {
  "cluster": [
    "monitor",
    "cluster:admin/xpack/monitoring/bulk"
  ],
  "indices": [
    {
      "names": [
        ".kibana*",
        ".reporting-*"
      ],
      "privileges": [
        "all"
      ]
    },
    {
      "names": [
        ".monitoring-*"
      ],
      "privileges": [
        "read"
      ]
    }
  ],
  "run_as": [],
  "metadata": {
    "_reserved": true
  },
  "transient_metadata": {
    "enabled": true
  }
}
```

It succeeds in connecting only if I add the "kibana_system" role to the user in addition to the "read_only" role.

What is the "kibana_system" role for?

How can I grant less permission to my user? Without "kibana_system", I need read only for my-index-*

Maria Dorohin

1 Answer

You just need to add the kibana_user role and the monitoring_user role to your user and you'll be good to go.

No change necessary to the read_only role.

From the same page, the kibana_system role...

...should not be assigned to users as the granted permissions may change between releases.

Val
  • If I set "kibana_user" I get an authorization exception, and it is solved only if I add "monitor" to the read_only role cluster (as above) or add the kibana_system role. – Maria Dorohin Apr 28 '20 at 13:57
  • The kibana_user role is supposed to have the cluster:monitor role, but if that's not the case, you can definitely add it to your read_only role. The `kibana_user` role is only useful to allow your user to log into Kibana – Val Apr 28 '20 at 14:06
  • I see that it does not have the "monitor" cluster, at least in version 5.6. What is the purpose of the "monitor" cluster? – Maria Dorohin Apr 28 '20 at 14:29
  • The `monitor` privilege is described [here](https://www.elastic.co/guide/en/x-pack/5.6/security-privileges.html) – Val Apr 28 '20 at 14:30
  • Actually there's a better solution, see my updated answer – Val Apr 28 '20 at 14:35
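
An offline check of what the role combinations discussed in this thread grant, added here as an example and not part of the original posts or of X-Pack itself. The role bodies are copied from the question; `INTERNAL_ROLES`, `READ_ONLY`, `effective` and `audit` are names assumed for illustration, and both wildcard matching and privilege handling are simplified.

```python
from fnmatch import fnmatchcase

# Role bodies as posted in the question (only the fields this check reads).
ROLES = {
    "read_only": {
        "indices": [
            {"names": ["my-index-*"], "privileges": ["read", "view_index_metadata"]},
            {"names": [".kibana*"], "privileges": ["read", "view_index_metadata"]},
        ],
    },
    "kibana_system": {
        "indices": [
            {"names": [".kibana*", ".reporting-*"], "privileges": ["all"]},
            {"names": [".monitoring-*"], "privileges": ["read"]},
        ],
    },
}

# Roles the documentation quoted in the answer says should not go to users.
INTERNAL_ROLES = {"kibana_system"}
# Assumption: the index privileges this deployment treats as read-only.
READ_ONLY = {"read", "view_index_metadata"}


def effective(role_names, index, roles=ROLES):
    """Union of index privileges the roles grant on one concrete index name.
    Simplification: patterns are matched as shell-style wildcards."""
    granted = set()
    for name in role_names:
        for grant in roles[name]["indices"]:
            if any(fnmatchcase(index, pat) for pat in grant["names"]):
                granted.update(grant["privileges"])
    return granted


def audit(role_names, roles=ROLES):
    """Findings for a user: internal roles held, and grants beyond READ_ONLY."""
    findings = []
    for name in role_names:
        if name in INTERNAL_ROLES:
            findings.append((name, "internal role assigned to a user"))
        for grant in roles[name]["indices"]:
            extra = sorted(set(grant["privileges"]) - READ_ONLY)
            if extra:
                findings.append((name, f"{extra} on {grant['names']}"))
    return findings
```

With only `read_only` the audit returns no findings; adding `kibana_system` reports the internal role and its `all` grant on `.kibana*` and `.reporting-*`.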