How to grant access to discover menu?

How to grant access to discover menu in readonlyrest.yml file?
When I try to open Discover menu I get Error
=“OPERATION_NOT_ALLOWED” } } .status 401.

please show us the FORBIDDEN log from the ES logs.

I searched for FORBIDDEN in the log file located in /var/log/elasticsearch/“cluster_name”.log .
I can find several log records for the time I tried to open the discover.
These log records don’t have my username as USR but the following: USR:[no info about user]

please show us the full FORBIDDEN log entry

I have several log entries containing FORBIDDEN that took place in the same one or two minutes when I used the discover menu.
How could I know which of them is the one that caused the error?

you can check x-ror-kibana-request-path header from HDR part of the log to see what part of Kibana it relates to.

but you can show us more than one entry, obviously
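A triage sketch for the advice above, added as an example and not part of the original thread or of ReadonlyREST's own tooling: it groups FORBIDDEN entries by USR, ACT and the x-ror-kibana-request-path header, and reports the header as absent when a line does not carry it. The sample lines are constructed, and the field layout (`USR:`, `ACT:`, `HDR:{name=value, ...}`) is an assumption about the log format.

```python
import re
import sys
from collections import Counter

# Constructed sample lines; the field layout is assumed, not taken from the thread.
SAMPLE_LOG = """\
[2020-01-01T10:00:01][INFO ] ALLOWED by { name: 'allow all' } req={ ID:1, USR:elk, ACT:cluster:monitor/main, PTH:/, HDR:{Host=es:9200} }
[2020-01-01T10:00:02][INFO ] FORBIDDEN by default req={ ID:2, USR:[no info about user], ACT:indices:data/read/search, PTH:/_search, HDR:{Host=es:9200, x-ror-kibana-request-path=/api/saved_objects/_find} }
[2020-01-01T10:00:03][INFO ] FORBIDDEN by default req={ ID:3, USR:[no info about user], ACT:indices:data/read/search, PTH:/_search, HDR:{x-ror-kibana-request-path=/api/saved_objects/_find, Host=es:9200} }
[2020-01-01T10:00:04][INFO ] FORBIDDEN by default req={ ID:4, USR:Mordi, ACT:indices:admin/get, PTH:/logs-*, HDR:{Host=es:9200} }
"""

# One pattern per field of interest; USR may be a bracketed placeholder or a plain name.
FIELDS = {
    "user": re.compile(r"USR:(\[[^\]]*\]|[^,\s]+)"),
    "action": re.compile(r"ACT:([^,\s]+)"),
    "kibana_path": re.compile(r"x-ror-kibana-request-path=([^,}\s]+)", re.I),
}


def forbidden_summary(text):
    """Count FORBIDDEN lines per (user, action, kibana_path) combination."""
    counts = Counter()
    for line in text.splitlines():
        if "FORBIDDEN" not in line:
            continue  # ALLOWED and unrelated lines are not relevant here
        row = []
        for rx in FIELDS.values():
            m = rx.search(line)
            # A missing field is reported explicitly instead of dropping the line.
            row.append(m.group(1) if m else "<absent>")
        counts[tuple(row)] += 1
    return counts


if __name__ == "__main__":
    # Pass the Elasticsearch log path as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for (user, action, path), n in forbidden_summary(text).most_common():
        print(f"{n:5d}  USR={user}  ACT={action}  kibana_path={path}")
```
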

There is no such string in the entire log file.
I can find the string USR:myusername in the log records with the timestamp I got the discover error.

sorry, I cannot help you if you don’t show us your logs.

Is it OK to show you all logs created since I got the forbidden error until 2 minutes after?
dev_cls_blk.log (1.4 MB)

please show us your readonlyrest.yml too

The user that gets the error is Mordi and it belongs to Elastic-Admins AD group.
readonlyrest_dev_7.5.blk.txt (16.0 KB)

which user do you have configured as elasticsearch.username and elasticsearch.password in kibana.yml?

The username is elk, in kibana.yml.
the same as in the “allow all” section in readonlyrest.yml.

I cannot reproduce your problem. But you can use our docker-based ROR-sandbox to reproduce it and create a PR we can analyze (probably you will want to change readonlyrest.yml, elasticsearch.yml or/and kibana.yml). We will help you when you are able to reproduce it with the ROR-sandbox.

Why did you ask about elasticsearch username, password in kibana.yml?

because the user used by Kibana should not be restricted. I wanted to see what block is matched for the internal Kibana requests

The elasticsearch username/password in readonlyrest.yml are in the “allow all” name section.
Should the elasticsearch password be the same as in kibana.yml file?
If it is not equal then could it be the cause of the discover forbidden error I got?

Using the information provided I cannot reproduce your issue. As I mentioned, you can use our ROR-sandbox, modify readonlyrest.yml, and create a PR. We will check it and try to advise sth or provide a fix.

I am an elasticsearch beginner not an expert. I don’t know how to reproduce the issue.

But you experience the issue, right? So, try to use your ROR setup in ROR sandbox and see what happens.