Unable to access all fields. Blocked by ACL

The correct procedure is given in the documentation. After I followed it, I created a dashboard, but a new problem comes up while opening the dashboard:

[esaggs] > "field" is a required parameter

and

Error fetching fields for index pattern winlogbeat-* (ID: winlogbeat-*)


But index exists

It shows this error in the visualization. Since I am new to the ELK stack, could you help me get this solved?

Please tail the log /var/log/elasticsearch/*log and try to reproduce that error in Kibana. You will probably see one or more log lines including the word “FORBIDDEN”; paste them here. Also paste your YAML settings (readonlyrest.yml) here.

Since there were 11MB of logs (grepped with FORBIDDEN), I have created a pastebin

Link: https://we.tl/t-ZqNdCphDW4

readonlyrest:
        access_control_rules:
                - name: "Require HTTP Basic Auth"
                  type: allow
                  auth_key: user:password

@tbhaxor if you are using our Kibana plugins, please follow our documentation page to have a minimum ACL configuration in place before starting to use them.

@sscarduzio I tried using

actions: ["indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create"]
indices: ["logstash-*"]

with my existing readonly rest, like

readonlyrest:
        access_control_rules:
                - name: "Require HTTP Basic Auth"
                  type: allow
                  auth_key: user:password
                  actions: ["indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create"]
                  indices: ["logstash-*"]

The Kibana status has changed to red. See this PDF https://we.tl/t-ge0AgEo1NU

Yeah, that won’t work for Kibana; it’s not that simple. A Kibana session has a lot of specific actions going on at different times and to different indices. We collected those in the macro rule “kibana_access” on purpose.

You can read how to use it here

I tried using all kibana_access

In all I am getting

There is a Kibana bug about that message; there are some workarounds, but nobody has really pinpointed a true solution.

However, as far as I understood, your readonlyrest.yml looks like this:

But it still can’t work because you should allow the user to see its own “.kibana” index, so please change the indices rule to something like:

indices: ["logstash-*",  ".kibana"]
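
The configuration the thread converges on, written out as an added example (not posted by any participant and not taken from the ReadonlyREST documentation): the restrictive block from the thread is shown commented out next to a version that uses the `kibana_access` macro and lists `.kibana`. Assumptions: the separate "Kibana server" block and its credential are hypothetical, `winlogbeat-*` is included because the error above names that index pattern, and the `kibana_access` syntax is that of the plugin generation discussed here.

```yaml
# Added example. All credentials are placeholders.
readonlyrest:
  access_control_rules:

    # Assumption: Kibana's own server-side connection (elasticsearch.username /
    # elasticsearch.password in kibana.yml) authenticates with a dedicated
    # credential, so restricting the human user below cannot turn Kibana red.
    - name: "Kibana server"
      type: allow
      auth_key: kibana:CHANGE_ME
      verbosity: error   # keep this chatty block out of the ACL log

    # Before (as posted in the thread): hand-picked actions and only logstash-*.
    # Requests a Kibana session makes to its own ".kibana" index match no
    # block and are logged as FORBIDDEN.
    #
    # - name: "Require HTTP Basic Auth"
    #   type: allow
    #   auth_key: user:password
    #   actions: ["indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create"]
    #   indices: ["logstash-*"]

    # After: let the kibana_access macro cover the actions a Kibana session
    # needs, and list every index the user must reach, including ".kibana".
    - name: "Require HTTP Basic Auth"
      type: allow
      auth_key: user:password
      kibana_access: rw
      indices: ["logstash-*", "winlogbeat-*", ".kibana"]
```

After reloading the settings, tail /var/log/elasticsearch/*log again while opening the dashboard; any remaining FORBIDDEN line names the index or action that still matches no block.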