Kibana user - Security setup

I have the following setup:

  1. Index 203813.
  2. Default index pattern of *
  3. Multi tenancy is turned off.
  4. “logging-role” with index pattern of [203813,.kibana* ] & security permissions of [indices:data/read/search,indices:data/read/get ]
  5. “logging-role” mapping with backend role of 203813

When a user with the backend role of 203813 logs in they are unable to find any data within the kibana dashboard but running
GET 203813/_search { "query": { "match_all": {} } }
in dev tools returns results.

Why is the user not able to see/query data from the dashboard?

Hi sthomps,

I think I’m having a the same problem. I’ve made a more broad use case here.
And I think the problem is related with some recent issue because it’s weird that no one pointed this out earlier.

I finally got my setup to work. There is a setting in /usr/share/elasticsearch/plugins/opendistro_security/securityconfig\config.yml called do_not_fail_on_forbidden. The default is set to false and setting it to true allows my user to see the indexes that they should.

It seems surprising to me that a) this setting is defaulted to false and b) none of the documentation/examples mention this.

I appreciate the thought behind creating these open source plugins but this will fail if documentation doesn’t improve along with support in the forums and github issues.

I agree with you, there is a need for extra documentation on things that I imagine are related with the core usage of elastic.

Thank you for your response, it solved half of my problem. Now I have the problem of an index pattern “*” not showing data from 2+ allowed indexes.

Just curious as I use the same “*” pattern as well. I assume that you’ve created/imported this into Kibana and set this as default?


I found the issue on my case. I using the samples from Kibana to test this and ecommerce sample doesn’t have a @timestamp which caused it to not appear in the discovery for “*” index pattern.
Thank you for your help, it was huge.