Unable to delete index in Kibana UI as Admin

FORBIDDEN by default req={  ID:1701397645-982437262#137883,  TYP:DeleteIndexRequest,  CGR:Elastic Admins,  USR:[user not logged],  BRS:false,  KDX:null,  ACT:indices:admin/delete,  OA:127.0.0.1/32,  XFF:null,  DA:127.0.0.1/32,  IDX:<N/A>,  MET:DELETE,  PTH:/apm-7.0.1-onboarding-2019.05.09%2Capm-7.0.1-metric-2019.05.09?expand_wildcards=none&format=json,  CNT:<N/A>,  HDR:Connection=keep-alive, Content-Length=0, Host=localhost:9200, authorization=Basic bW1vcnJpc29uOiFRQUBXUzNlZDRyZjV0ZzZ5aDd1ajhpaw==, x-ror-current-group=Elastic Admins,  HIS:[::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]], [Allow Elastic Admins full priv->[ldap_auth->true, kibana_access->false]], [Allow users basic access->[ldap_auth->false]]  }

My admin user has the kibana_access set to “admin” in the readonlyrest.yml and I’m using the enterprise KBN plugin but unable to delete an index via the Kibana UI. Additionally, I am not able to set up index lifecycle management as I get a forbidden in the elasticsearch logs. Is there some new setting with the newer versions that I need to change in my readonlyrest.yml or how can I fix both these problems? Running 7.0.0 with the latest ROR plugins.

Hello Matt, next ROR version will allow admins to operate index management fully.
Can you try temporarily commenting “kibana_access: admin” for your admin user and verify it works?

Commenting it out? Like #kibana_access:admin?
Because it’s currently set to kibana_access:admin.

Yes exactly. That would remove any access restriction on ES actions you can request.
The reason I’m asking you to do this is because I see that the log line you showed arrived at ES without any credentials.

If you come back saying that after commenting that line you can do what you wanted, we can pinpoint that your issue was because of the too restrictive “kibana_access” rule for admins.

Commenting out the kibana_access:admin allowed me to delete the index via the UI (which I wasn’t able to do originally).

OK good, next version is coming soon.

@sscarduzio I have the latest 1.20 release and am seeing a similar issue.
I see that in 1.20 you need to have kibana_access:admin in order to modify the access control rules in kibana, but doing that means that I am restricted in my actions. In particular, it seems to block delete actions. Am I missing something?

  - name: "::LDAP - ADMIN::"
    type: allow
    ldap_authentication: "ldap1"
    ldap_authorization:
      name: "ldap1"
      groups: ["admin-group"]
    kibana_access: admin

FORBIDDEN by default req={ ID:1201909950-1806437143#1018, TYP:DeleteRequest, CGR:N/A, USR:admin (attempted), BRS:false, KDX:null, ACT:indices:data/write/delete,
HIS:[::LDAP - ADMIN::-> RULES:[ldap_authentication->true, ldap_authorization->true, kibana_access->false], RESOLVED:[user=admin;group=admin-group;av_groups=admin-group]],

Change kibana_access: admin to kibana_access: unrestricted
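
A way to read the HIS field of the FORBIDDEN lines quoted in this thread, as an added example (not part of any post and not ReadonlyREST's own code): it lists the blocks where some rule matched but another returned false, which is how `kibana_access` shows up as the blocker in both cases. The sample lines are constructed, shortened from the thread's logs, and the function names are hypothetical.

```python
import re

# Constructed sample lines, shortened from the two log entries in the thread
# (the credentials header is replaced with a placeholder).
SAMPLES = [
    "FORBIDDEN by default req={ ID:1, TYP:DeleteIndexRequest, USR:[user not logged], "
    "ACT:indices:admin/delete, MET:DELETE, HDR:authorization=<redacted>, "
    "HIS:[::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]], "
    "[Allow Elastic Admins full priv->[ldap_auth->true, kibana_access->false]], "
    "[Allow users basic access->[ldap_auth->false]] }",
    "FORBIDDEN by default req={ ID:2, TYP:DeleteRequest, USR:admin (attempted), "
    "ACT:indices:data/write/delete, "
    "HIS:[::LDAP - ADMIN::-> RULES:[ldap_authentication->true, ldap_authorization->true, "
    "kibana_access->false], RESOLVED:[user=admin;group=admin-group;av_groups=admin-group]],",
]

# One history entry: [block name->[rule->bool, ...]] or [block name-> RULES:[...], ...]
BLOCK_RE = re.compile(r"\[(?P<name>[^\[\]]+?)->\s*(?:RULES:)?\[(?P<rules>[^\[\]]*)\]")

def field(line, key):
    """Return the value of a 'KEY:value,' field, or None if it is absent."""
    m = re.search(rf"\b{key}:([^,]*),", line)
    return m.group(1).strip() if m else None

def parse_history(line):
    """Return [(block_name, {rule: bool})] from the HIS field of one log line."""
    history = line.partition("HIS:")[2]
    blocks = []
    for m in BLOCK_RE.finditer(history):
        rules = {}
        for item in m.group("rules").split(","):
            rule, _, outcome = item.strip().rpartition("->")
            rules[rule] = outcome == "true"
        blocks.append((m.group("name").strip(), rules))
    return blocks

def explain_denial(line):
    """List blocks where at least one rule matched and name the rules that did not."""
    near = [(name, [r for r, ok in rules.items() if not ok])
            for name, rules in parse_history(line)
            if any(rules.values()) and not all(rules.values())]
    return {"action": field(line, "ACT"), "user": field(line, "USR"), "near_misses": near}

if __name__ == "__main__":
    for sample in SAMPLES:
        print(explain_denial(sample))
```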