Hello,
ROR: 1.18.2_es.7.2.0 + ror_kbn_1.18.2_enterprise
I have this config:
readonlyrest:
prompt_for_basic_auth: false
access_control_rules:
- name: "::KIBANA SRV::"
groups: ["kibana-srv"]
indices: [".kibana*"]
- name: "::FULL ADMIN::"
groups: ["full-admin"]
kibana_access: admin
indices: ["*"]
- name: "::CLIENT ADMIN::"
groups: ["client-admin"]
kibana_access: rw
kibana_hide_apps: ["readonlyrest_kbn"]
- name: "::CLIENT RO::"
groups: ["client-ro"]
kibana_access: ro
kibana_hide_apps: ["readonlyrest_kbn", "timelion", "kibana:dev_tools", "kibana:management"]
users:
- username: kibana
groups: ["kibana-srv"]
auth_key: kibana:kibana
- username: fulladmin
groups: ["full-admin"]
auth_key: fulladmin:kgvt7
- username: clientadmin
groups: ["client-admin"]
auth_key: clientadmin:5erj3
- username: client
groups: ["client-ro"]
auth_key: client:zk3h8
I can not create any index with user fulladmin or clientadmin:
Sep 13 08:09:31 prbiges005es002d01 elasticsearch[29601]: [2019-09-13T08:09:31,554][INFO ][t.b.r.a.l.AclLoggingDecorator] [prbiges005es002d01] FORBIDDEN by default req={ ID:304109194-864643730#413732, TYP:IndexRequest, CGR:N/A, USR:[user not logged], BRS:true, KDX:null, ACT:indices:data/write/index, OA:172.24.135.125/32, XFF:null, DA:172.24.135.125/32, IDX:aaa, MET:POST, PTH:/aaa/doc, CNT:<OMITTED, LENGTH=7.0 B> , HDR:Accept=*/*, Authorization=<OMITTED>, Content-Length=7, Content-Type=application/json, Host=prbiges005es002d01:9200, User-Agent=curl/7.58.0, HIS:[::KIBANA SRV::-> RULES:[groups->false], RESOLVED:[]], [::FULL ADMIN::-> RULES:[groups->false], RESOLVED:[]], [::CLIENT ADMIN::-> RULES:[groups->true, kibana_access->false], RESOLVED:[user=clientadmin;group=client-admin;av_groups=client-admin]], [::CLIENT RO::-> RULES:[groups->false], RESOLVED:[]] }