Current user configuration for indices and mapping

Hoping someone knows the answer to this. I have a user configured like this:

name: "::my user::"
auth_key_sha256: f2497ca79cae39fedd2541g165beeda2617074527c7ad5391313928de155a572
type: allow
kibana_access: rw
indices: ["page","folder","document","file"]

That works except for one thing. It does not allow me to create a new mapping in elasticsearch, I get a 401.

This one of course works but gives too much access.

 name: "::my user::"
auth_key_sha256: f2497ca79cae39frtd25414165beeda2617074527c7ad5391313928de155a572
type: allow

So what I really need is to configure the user to be able to access the indices above but also be able to create a mapping if necessary.


Hello @suwatechie,

I think you forgot to add the .kibana index in the list of allowed indices. So it should look like this:

- name: "::ImageRight user::"
  auth_key_sha256: "f2497ca79cae39fe7d25414165beeda2617074527c7ad5391313928de155a572"
  type: "allow"
  kibana_access: "rw"
  indices: ["page", "folder", "document", "file", ".kibana"]

Let us know how it goes :slight_smile:

Thank you that worked. Didn’t know that index is what controlled mapping!

Well the idea is that if you want a user to be able to sustain a kibana session, you need he/she to be able to access the “.kibana” index, which is where Kibana saves configurations and objects like visualizations and dashboards.

So either you don’t specify any indices rule, or when you do, you make sure you include “.kibana” (or a custom kibana index, if you specified one).