Discover: [security_exception] action [indices data read msearch] is unauthorized for user

Discover: [security_exception] action [indices:data/read/msearch] is unauthorized for user

If you select a date range in the Kibana discover tab that includes some data, everything will work correctly.

If you include a range that includes no data, you’ll get an authorization error because the user is not permitted to execute _msearch.

The _msearch it’s trying to execute is for .kibana-devnull.

This is with Elasticsearch 2.3.2 / Shield 2.3.2/ and no longer a requirement in 5.0.

https://github.com/elastic/kibana/issues/6302

Referring to https://www.elastic.co/guide/en/shield/2.3/kibana.html#CO28-1

For example, the following my_kibana_user role only allows users to discover and visualize data in the logstash-* indices.

my_kibana_user:
 cluster:
 - monitor
 indices:
 - names: 'logstash-*'
 privileges:
 - view_index_metadata
 - read
 - names: '.kibana*' 
 privileges:
 - manage
 - read
 - index
 
All Kibana users need access to the .kibana and .kibana-devnull indices.

 

Advertisements