Unable to modify authentication/authorization from Kibana UI

Referring to the docs, I have enabled to use security REST API and allowed modification of security config (authentication/authorization settings) using the parameter -

opendistro_security.unsupported.restapi.allow_securityconfig_modification: true

Using the REST api directly, I am able to run GET/PUT and modify the security configs. (PATCH however fails as explained in different thread).

However, from the Kibana UI, even though all other configs like roles, users etc are modifiable, but there is no option to modify the authentication/authorization settings.
By clicking on the Authentication & Authorization navigation entry, it displays the currently configured authentication and authorization domains. Disabled domains are greyed out. By clicking on the arrow symbol beside any domain, you can display its configuration, but there is no edit button to modify these from the kibana UI.

Is this behaviour expected and the modification of security configuration is prohibited from the UI by design in specific?
The only way for kibana users to modify security configurations is via running GET/PUT on the Dev tools page. Is my understanding correct or are there additonal steps that I may be missing?

@shivani this seems to be by design, the kibana users would not usually be involved in setting up authc & authz. The only other way apart from Dev tools, would be to update config.yml file and re-upload it using admin certificate, but this method is, as expected, designed for admin.

1 Like