Using readonlyrest version 1.33.1 for both Kibana and ES (7.14.0), we are still getting ACL logs even though all ACLs have verbosity: error set. This isn’t the case on systems with ES that don’t have Kibana installed, but for some reason systems WITH Kibana log the request no matter what. The ACL that it seems to hit and log is the one named ::kibana::
ACL looks like this:
readonlyrest:
access_control_rules:
- name: "::deny users::" #deny certain users
type: forbid
groups: ["deny"]
verbosity: error
- name: "::kibana::" #allowed to all
type: allow
indices: ["*"]
kibana_access: rw
ldap_authentication: "mdvdc1"
ldap_authorization:
name: "mdvdc1"
groups: ["Elasticsearch_readonly","Elasticsearch"]
verbosity: error
- name: "::readonly::"
type: allow
actions: ["indices:data/read/*"]
groups: ["readonly" ]
verbosity: error
- name: "::readonly_per_env::"
type: allow
actions: ["indices:data/read/*"]
ldap_authentication: "mdvdc1"
ldap_authorization:
name: "mdvdc1"
groups: ["Elasticsearch_readonly","Elasticsearch"]
verbosity: error
- name: admin
type: allow
ldap_authentication: "mdvdc1"
ldap_authorization:
name: "mdvdc1"
groups: ["Elasticsearch"]
actions: ["cluster:monitor/*","cluster:*","cluster:monitor/nodes/stats","indices:monitor/stats", "indices:*"]
verbosity: error