Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

read-only kibana user cannot use system after upgrade till index pattern is updated by a normal user #18019

Closed
elasticmachine opened this issue Jul 21, 2017 · 5 comments
Closed

read-only kibana user cannot use system after upgrade till index pattern is updated by a normal user #18019

elasticmachine opened this issue Jul 21, 2017 · 5 comments
Labels
Feature:Data Views Data Views code and UI - index patterns before 8.0 Feature:Kibana Management Feature label for Data Views, Advanced Setting, Saved Object management pages impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort

Comments

@elasticmachine
Copy link
Contributor

Original comment by @jguay:

Kibana version:
Upgrade from 5.4 to 5.5 (or 6.0 alpha2)

Elasticsearch version:
Upgrade from 5.4 to 5.5 (or 6.0 alpha2)

Description of the problem including expected versus actual behavior:
After an upgrade, a read-only user has following behaviour:

  • The user can browse to "Dashboard" page, when he tries to open dashboard I get the same error inside the dashboard
  • The user can browse to "visualisation", when I click on the visualisation nothing happens
  • cannot browse to Discover and get error "Request to Elasticsearch failed: "[security_exception] action [indices:data/write/index] is unauthorized for user [readonly]" and I cannot browse to discover data
    Browser network trace shows 403 request on a POST http://localhost:5601/es_admin/.kibana/index-pattern/myindexpattern*

Steps to reproduce:

  1. Install 5.4 with one index pattern, one visualisation and one dashboard
  2. Create a role with "read" and "view_index_metadata" to .kibana* and myindexpattern*
  3. Create a user called "readonlyuser" and assign the role
  4. login with readonlyuser and observe user can use Discover
  5. Upgrade ES to 5.5
  6. Login to kibana with readonlyuser and try to access Discover

Errors in browser console (if relevant):
"Request to Elasticsearch failed: "[security_exception] action [indices:data/write/index] is unauthorized for user [readonly]"

Provide logs and/or server output (if relevant):
Workaround is to login once with normal user to kibana and use the index patter

Describe the feature:
A great feature would be to update the index patterns upfront rather than on first usage of the index pattern
@elasticmachine
Copy link
Contributor Author

Original comment by @Rasroh:

cc @elastic/kibana-management ?

@gingerwizard
Copy link

gingerwizard commented May 18, 2018
edited
Loading

I believe this issue occurs whenever an index pattern exists but no matching indices for the pattern are present in ES. If those indices are then created and a read only user accesses a dashboard using the visuals, prior to the index patterns being refreshed in kibana, an attempt is made to modify the pattern through a PUT as indicated above.

I'm trying to produce a specific series of reproducible steps here. @alexfrancoeur this is a blocker for us.
This is occurring on 6.2.4.

@timroes timroes added Team:Visualizations Visualization editors, elastic-charts and infrastructure Feature:Kibana Management Feature label for Data Views, Advanced Setting, Saved Object management pages and removed :Management DO NOT USE labels Nov 27, 2018
@lukeelmers lukeelmers added Feature:Data Views Data Views code and UI - index patterns before 8.0 :AppArch and removed Team:Visualizations Visualization editors, elastic-charts and infrastructure Feature:Index Management Index and index templates UI labels Mar 27, 2019
@legrego legrego mentioned this issue May 8, 2020
Merged
@mattkime mattkime mentioned this issue Sep 17, 2020
Closed
@legrego legrego mentioned this issue Sep 29, 2020
Open
@legrego
Copy link
Member

legrego commented Sep 29, 2020

Had a user come across this issue here: #51759 (comment)

@laurentmldev
Copy link

Yes indeed we got quite the same issue.

Is their any planification for a fix in coming weeks ?

Thanks!

@exalate-issue-sync exalate-issue-sync bot added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort labels Jun 21, 2021
@mattkime
Copy link
Contributor

mattkime commented Oct 5, 2021

The index pattern field cache was removed in this PR which should resolve the problem - #83368

@mattkime mattkime closed this as completed Oct 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature:Data Views Data Views code and UI - index patterns before 8.0 Feature:Kibana Management Feature label for Data Views, Advanced Setting, Saved Object management pages impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@mattkime @timroes @lukeelmers @legrego @gingerwizard @elasticmachine @laurentmldev