Cannot access DevTools and Monitoring - Forbidden


(Vassilis Aretakis) #1

I do experience some issues with the admin account. I suspect I need to add more permissions to the account, or I am doing something wrong.

the log line is:

FORBIDDEN by default req={ ID:1759706464-825953394#8352581, TYP:SimulatePipelineRequest, CGR:N/A, USR:*****(?), BRS:false, KDX:null, ACT:cluster:admin/ingest/pipeline/simulate, OA:*******, DA:*****, IDX:<N/A>, MET:POST, PTH:/_ingest/pipeline/_simulate, CNT:<OMITTED, LENGTH=261>, HDR:{authorization=<OMITTED>, x-real-ip=****, Connection=keep-alive, content-type=application/json, Host=elasticsearch:9200, x-forwarded-for=******, Content-Length=261}, HIS:[Beats->[groups->false]], [Admin->[kibana_access->false, auth_key_sha256->true]], [readinesshealthcheck->[groups->false]], [Curator->[groups->false]], [:::RO:::->[groups->false]], [Cluster Monitoring->[groups->false]], [FluentD Logging indices->[groups->false]], [Logstash Logging indices->[groups->false]], [Rsyslog Logging indices->[groups->false]], [ElastAlert Logging indices->[groups->false]], [Kibana Server->[groups->false]] }

(I have cleaned the log by replacing some partsthe log)

The account is:

      - username: <same as USR>
        auth_key_sha256: e**b87f9d
        groups:
        - admin

Group:

   - name: Admin
     groups:
     - admin
     indices:
     - '*'
     kibana_access: admin
     type: allow

Also similar situation with the Monitoring. Do I need some extra permissions explicitly to be set?


(Simone Scarduzio) #2

Is this an arbitrary call originated by dev tools? Or is this originated by interacting with the Kibana UI?
In the latter case, you are right, we need to add this action to the white list for admin users.
In the former case, you might want to remove the kibana_access rule entirely and let anything through for the admin group.

Remember that kibana_access: admin does not mean god mode!