Multitenancy - index permission error

cr0ssmind · July 11, 2019, 1:07pm

Hello all,

I have configured authn/z to LDAP, role mapping that works well, but I’am facing with following error after I select my tenant and click to Discovery:

[    2019-07-11T13:57:24,402][INFO ][c.a.o.s.p.PrivilegesEvaluator] [elasticnode1] No index-level perm match for User [name=opsuser, roles=[Elasticsearch_Group_Seclog, Elasticsearch_Group_Opslog], requestedTenant=Opslog_tenant] Resolved [aliases=[.kibana_333248770_opslog], indices=[ ], allIndices=[.kibana_333248770_opslog_2], types=[ ], originalRequested=[.kibana_333248770_opslog, .kibana_333248770_opslog_2], remoteIndices=[]] [Action [indices:data/read/mget[shard]]] [RolesChecked [own_index, Seclog, Opslog]]
[2019-07-11T13:57:24,409][INFO ][c.a.o.s.p.PrivilegesEvaluator] [elasticnode1] No permissions for [indices:data/read/mget[shard]]

What is the problem? What I have missed?

cr0ssmind · July 12, 2019, 12:08pm

This is how I solved my problem:

I have had to add my backend roles (resolved LDAP group names) to the “kibana_user” role_mapping.yml.

It is very important to add it to the roles_mapping.yml and not to the roles.yml !

Topic		Replies	Views
Ldap users assigned to roles and index security error Security	3	459	January 15, 2021
Permission issue while creating index Security	21	2457	January 10, 2022
Security Issue: No permissions for [indices:admin/resolve/index] Security	10	12472	April 16, 2021
LDAP groups error with different index Security	8	3054	August 13, 2019
Index Level Permission of security plugin is not working with list of indices in role Security troubleshoot	12	1099	February 18, 2024

Multitenancy - index permission error

Related topics