Hi Simone,
The settings of ‘kibana_access: ro’ is very useful to grant read only permission to kibana. One issue at the moment is that this particular setting does not allow writing short url (goingt to ‘Share-> Short url’.
At the moment, to go around the issue, we have configrued two rules, one with the kibana_access:ro and a second one like
- indices:
- cert*
- ".kibana"
- ".kibana_cert"
kibana_access: ro
kibana_index: ".kibana_cert"
name: es-cert kibana_reader
type: allow
- indices:
- ".kibana_cert"
methods:
- POST
name: es-cert kibana_short_url
type: allow
uri_re: "^/.kibana_cert/(index-pattern|url)/.*"
Would it be possible to include the rule of writing the url directly in the kibana_access:ro, so that the second rule would not be needed anymore?
For information, this is what we see in the log file for these type of actions
[2017-05-04T14:49:58,060][INFO ][o.e.p.r.IndexLevelActionFilter] [q500N6i] forbidden request: { ID:85889154425c494693a3baad9b381a1d, TYP:IndexRequest, USR:null, BRS:false, ACT:indices:data/write/index, OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/.kibana/index-pattern/job, CNT:<OMITTED, LENGTH=1416>, HDR:cookie,x-forwarded-proto,host,x-forwarded-port,connection,content-type,x-forwarded-for,Content-Length, EFF:0, HIS:[Checkin kibana_ro->[kibana_access->false]], [Hello->[actions->false]] } Reason: null (null)
Thanks,
pablo