Errors with accessing the kibana

[Wei Hong]

I have changed the config file sg_roles.yml

sg_apache_tomcat:

  indices:

    'apache-tomcat-*':

      '*':

        - ALL

and the sg_roles_mapping.yml:

sg_apache_tomcat:

  users:

    - kirk

and in the kibana.yml, i added the entries

elasticsearch.username: "kibanaserver"

elasticsearch.password: "kibanaserver"

And with the  command  curl -XGET -u kirk:kirk "http://192.25.97.128:9200/apache-*?pretty" , i can get what i want.

But when i access the kibana with the "kirk", i got the errors as follow:

Courier Fetch Error: unhandled courier request error: unknown error 

Error: unhandled courier request error: unknown error
    at handleError (http://192.25.97.128:5601/bundles/kibana.bundle.js?v=9732:78871:23)
    at DocRequest.AbstractReqProvider.AbstractReq.handleFailure (http://192.25.97.128:5601/bundles/kibana.bundle.js?v=9732:78791:15)
    at http://192.25.97.128:5601/bundles/kibana.bundle.js?v=9732:78685:18
    at Array.forEach (native)
    at http://192.25.97.128:5601/bundles/kibana.bundle.js?v=9732:78683:19
    at processQueue (http://192.25.97.128:5601/bundles/commons.bundle.js?v=9732:42357:29)
    at http://192.25.97.128:5601/bundles/commons.bundle.js?v=9732:42373:28
    at Scope.$eval (http://192.25.97.128:5601/bundles/commons.bundle.js?v=9732:43601:29)
    at Scope.$digest (http://192.25.97.128:5601/bundles/commons.bundle.js?v=9732:43412:32)
    at Scope.$apply (http://192.25.97.128:5601/bundles/commons.bundle.js?v=9732:43709:25)

What't more, i can access the kibana with the "admin".

Can you tell me where did i miss?

[Wei Hong]

the elasticsearch debug is here:

_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to {}

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved aliases and indices: [.kibana]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved types: [config]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles: [sg_kibana4_server, sg_public]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana4_server

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator]   Try wildcard match for ?kibana

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator]   Wildcard match for ?kibana: [.kibana]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator]   matches for ?kibana, will check now types [*]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator]     resolvedActions for ?kibana/*: [indices:*]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator]     match requested action indices:data/read/search against ?kibana/*: [indices:*]

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] remaining requested aliases and indices: []

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] remaining requested resolved types: []

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana4_server', evaluate other roles for fls/dls purposes

[2016-06-16 17:26:05,666][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] sg_role sg_public is empty

[Wei Hong]

Who can help me solve the problem？ Thanks！

[SG]

does this work?


sg_apache_tomcat:
cluster:
- cluster:monitor/nodes/info
- cluster:monitor/health

indices:
'apache-tomcat-*':
'*':
- ALL

'?kibana':
'*':
- READ
- indices:admin/mappings/fields/get*
- indices:admin/validate/query*
- indices:admin/get*
- indices:admin/exists*
- indices:admin/mappings/fields/get*
- indices:admin/refresh*
- indices:admin/validate/query*
- indices:data/read/get*
- indices:data/read/mget*
- indices:data/read/search*

> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/039b0253-f9bf-4bd2-a9bf-0ab1fecaccb1%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Wei Hong]

Sorry, I added these to the role, it still not work. The errors is 

"no permissions for indices:data/read/field_stats"

then i added the  " indices:data/read/field_stats"  behind  the "?kibana"

it still not work.

Is there something wrong?

在 2016年6月18日星期六 UTC+8上午3:08:02，SG写道：

[guo478...@gmail.com]

I　met the same problem , if you add the "indices:data/read/field_stats" , it will notice "indieces:data/read/mget"

the config should like this:

sg_apache_tomcat: 
  cluster: 
      - cluster:monitor/nodes/info 
      - cluster:monitor/health 

  indices: 
    'apache-tomcat-*': 
      '*': 
        - ALL 

    '?kibana': 
      '*': 
        - READ 
        - indices:admin/mappings/fields/get* 
        - indices:admin/validate/query* 
        - indices:admin/get* 
        - indices:admin/exists* 
        - indices:admin/mappings/fields/get* 
        - indices:admin/refresh* 
        - indices:admin/validate/query* 
        - indices:data/read/get* 
        - indices:data/read/mget* 
        - indices:data/read/search* 

    '*':

      '*':

        - indices:data/read/field_stats

在 2016年6月20日星期一 UTC+8上午9:24:14，Wei Hong写道：