Authorisation not working properly


(Ajit) #1

Hi, I have create user1 and I am giving only delete access on index1 that is working fine. But index should not be fetch because I have not given read access on index1. Only delete operation should be perform on index1.
When I use GET index1/type1/1 index getting fetched. Please guide on this.

  • name: “user1”
    auth_key: user1:user1
    kibana_access: rw
    indices: [".kibana",“index1”]
    kibana_hide_apps: [“readonlyrest_kbn”]

    • name: “user1 extra actions to operate index1 from devtools”
      auth_key: user1:user1
      actions: [“indices:admin/delete”]
      indices: [“index1”]
      kibana_hide_apps: [“readonlyrest_kbn”]

(Simone Scarduzio) #2

As a matter of fact, you gave read permission in the moment you list “index1” as Kibana-accessible in the first block.

In order to create dashboards, Kibana needs to perform GET requests, and ROR can’t really (as it shouldn’t) distinguish between Kibana and devtools.