Hi,
I have a kibana access block which, atm, looks like this:
- name: "::AUTHORIZED_KIBANA_RW_ACCESS::"
kibana_access: rw
kibana_index: .kibana
indices: ["*"]
However, writes to the .kibana_task_manager index are being blocked by block lower down which prevent bulk ingestion on this node. So, why is this index update from kibana not captured by this code block?
Thx
D
.kibana_task_manager index - if I remember correctly - should be handled by Kibana server, not by the browser. So please create a block above this with “auth_key” basic auth credentials to be configured in kibana.yml.
Also please, can you paste the whole ACL when you ask support? I’m only imagining that you did not have the kibana server block…
Ok, here’s the config I’m using atm:
readonlyrest:
access_control_rules:
- name: "::ALLOW_KIBANA_RW::"
kibana_access: rw
kibana_index: .kibana
indices: ["*"]
- name: "::DENY_INGEST::"
actions: ["indices:data/write/*"]
indices: ["*"]
type: forbid
- name: "::ALLOW_SEARCH::"
actions: ["indices:data/read/*"]
type: allow
indices: ["*"]
- name: "::TMP_ALLOW_ALL::"
indices: ["*"]
type: allow
So yes, I was right. You need a top ACL block for the Kibana server.
readonlyrest:
access_control_rules:
- name: "::KIBANA-SRV::"
auth_key: "kibana:<your_kibana_password>"
elasticsearch.username: "kibana"
elasticsearch.password: "<your_kibana_password>"