I’m using ODFE via debian packages.
- opendistro-security/2021.1,now 1.7.0.0-0 amd64 [installed,automatic]
- opendistroforelasticsearch-kibana/2021.1,now 1.7.0 amd64 [installed,automatic]
- elasticsearch-oss/2021.1,now 7.6.1 amd64 [installed,automatic]
- opendistroforelasticsearch-kibana/2021.1,now 1.7.0 amd64 [installed,automatic]
I have a readonly user that I want to be able to see the metricbeat visualiazations.
The metricbeat system dashboard installed by metricbeat does the display all the visualizations to my readonly user.
Probably Kibana is trying to write (according to the elasticsearch log message – see below, but not according to the displayed error message in the Kibana dashboard which claims there are fetch/read problems).
Randomly at the end of putting up the visualizations on the dashboard, there will be a spurious error message. That error message and error in the elasticsearch log file don’t occur when I’m logged in as the admin user.
At the time of the problem, I get a message in the elasticsearch log stating that
`2020-10-23T12:06:29,000][WARN ][c.a.o.s.c.PrivilegesInterceptorImpl] [10.43.186.10] Tenant global_tenant is not allowed to write (user: xxxx)
At the same time in the Kibana GUI, I get this:
and if I click on “See the full error”, I get this:
I have tried various ways to make the problem go away by editing the security role associated with this user in my roles.yml ( I tried both “*” and “global_tenant” for the tenant_patterns)
read_only_index:
reserved: true
hidden: false
cluster_permissions:
- cluster_composite_ops_ro
- cluster_monitor
index_permissions:
- index_patterns:
- "*"
allowed_actions:
- read
- search
- cluster_monitor
- indices_monitor
tenant_permissions:
- tenant_patterns:
- "*"
allowed_actions:
- kibana_all_read
I have attempted to simplify tenancy issues, by disabling mult-tenancy.
Here is the relevant snippet from my kibana.yml:
opendistro_security.multitenancy.enabled: false
opendistro_security.readonly_mode.roles: ["kibana_read_only", "read_only_index"]