I am using elasticsearch 5.6 with xpack plugin.
my kibana user connects to elstic with read_only role.
"read_only": {
"cluster": [
"monitor"
],
"indices" : [
{
"names" : [ "my-index-*" ],
"privileges" : ["read", "view_index_metadata"]
},
{
"names" : [ ".kibana*"],
"privileges" : ["read", "view_index_metadata"]
}
]
}
"kibana_system": {
"cluster": [
"monitor",
"cluster:admin/xpack/monitoring/bulk"
],
"indices": [
{
"names": [
".kibana*",
".reporting-*"
],
"privileges": [
"all"
]
},
{
"names": [
".monitoring-*"
],
"privileges": [
"read"
]
}
],
"run_as": [],
"metadata": {
"_reserved": true
},
"transient_metadata": {
"enabled": true
}
}
It succeed to connect only if I added "kibana_system" role to the user in addition to "read_only" role.
What does "kibana_system" role for?
How can I grant less permission to my user? without "kibana_system" I need read only for my-index-*
You just need to add the kibana_user role and the monitoring_user role to your user and you'll be good to go.
No change necessary to the read_only role.
From the same page, the kibana_system role...
...should not be assigned to users as the granted permissions may change between releases.