I want to create a user with predefined roles: Users and Roles - Open Distro Documentation
I tried editing the internal_users.yml file like below:
_meta:
  type: "internalusers"
  config_version: 2

# Define your internal users here
admin:
  hash: $2a$12$cTiFk0k0Ag2JEGlu4i6BDu.ESh0qzFHivIE/5uvaBdFpKMAo3ZPRa
  reserved: true
  backend_roles:
    - admin
  description: "Demo admin user"

# <--------------here----------->
readall_monitor:
  hash: $2a$12$5FS2ApvIzJpMi41ezyqr8eYzBY7B8p6mFD/QERjV6Z4cMOYQlKYBK
  opendistro_security_roles:
    - readall_and_monitor
But I can’t check the cluster health with this new credential.
$ curl -XGET "https://localhost:9200/_cluster/health?pretty" -u "readall_monitor:fuuax6j2" --insecure
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "no permissions for [cluster:monitor/health] and User [name=readall_monitor, opendistro_security_roles=[readall_and_monitor], requestedTenant=null]"
      }
    ],
    "type" : "security_exception",
    "reason" : "no permissions for [cluster:monitor/health] and User [name=readall_monitor, opendistro_security_roles=[readall_and_monitor], requestedTenant=null]"
  },
  "status" : 403
}
What am I missing here?
kamolhasan:
readall_monitor
I am facing the same issue. I have added a new user and assigned some predefined roles as well. I followed the steps to create a read user at this link: “Users and Roles - Open Distro Documentation”.
However, the new user cannot see any indexed data, even though the permission is there to read “*” index.
The way I solved the issue:
Create users with the internal_users.yml file
Give permission with the role_mapping.yml file
kamolhasan:
- readall_and_monitor
Hi Kamol,
Thank you so much for the reply. I tried that, but my new user is not created with that. I used the following configs.
In “internal_users.yml” I added the following:
kibana-read:
  hash: "$2y$12$u6kQWiyhaRKpaqC3yGNac.baMrFflSinnVtcZeQ9wqgNYfthl5APO"
  reserved: false
  hidden: false
  opendistro_security_roles:
    "readall_and_monitor"
  backend_roles:
    "readall_and_monitor"
  description: "kibana-read user"
  static: false
and in “roles_mapping.yml” added the following
readall_and_monitor:
  reserved: false
  backend_roles:
    "kibana-read"
  description: "kibana read and cluster monitor"
Basically, I want to create users with kibana read access to check all the logs from discover and also have the access to create alerts. Some help on this would be greatly appreciated.
@sumit.p @kamolhasan which version of ODFE are you using?
I just tried using 1.13.1:
readall_monitor:
  hash: "..."
  opendistro_security_roles:
    - readall_and_monitor
    - alerting_full_access # for alert access in the last post
And it works as expected. Able to call _cluster/health api and create alerts.
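An added example, not code from any poster in this thread or from the Open Distro project: a simplified model of how a user's effective security roles follow from internal_users.yml and roles_mapping.yml, run over constructed data shaped like the kibana-read config above. The function names, the sample dictionaries and the wildcard handling are assumptions made for illustration.

```python
from fnmatch import fnmatchcase


def matches(value, patterns):
    # Simple wildcard matching; an assumption standing in for the plugin's matcher.
    return any(fnmatchcase(value, p) for p in patterns)


def effective_roles(username, internal_users, roles_mapping):
    """Security roles a user ends up with under this simplified model."""
    user = internal_users[username]
    # 1. Roles attached directly to the user in internal_users.yml.
    roles = set(user.get("opendistro_security_roles", []))
    backend = user.get("backend_roles", [])
    # 2. Roles mapped in roles_mapping.yml, by username or by backend role.
    for role, mapping in roles_mapping.items():
        by_name = matches(username, mapping.get("users", []))
        by_backend = any(matches(b, mapping.get("backend_roles", [])) for b in backend)
        if by_name or by_backend:
            roles.add(role)
    return roles


def lint(internal_users, roles_mapping):
    """Flag mapped backend roles that no internal user actually holds."""
    held = {b for u in internal_users.values() for b in u.get("backend_roles", [])}
    findings = []
    for role, mapping in roles_mapping.items():
        for pattern in mapping.get("backend_roles", []):
            if not any(fnmatchcase(b, pattern) for b in held):
                hint = " (this is a username; list it under 'users:')" if pattern in internal_users else ""
                findings.append(f"{role}: backend role '{pattern}' is held by no internal user{hint}")
    return findings


# Constructed sample data (parsed YAML as dicts), modelled on the thread.
USERS = {"kibana-read": {"backend_roles": ["readall_and_monitor"]}}
THREAD_MAPPING = {"readall_and_monitor": {"backend_roles": ["kibana-read"]}}
FIXED_MAPPING = {
    "readall_and_monitor": {"users": ["kibana-read"]},
    "alerting_full_access": {"users": ["kibana-read"]},
}
DIRECT_USERS = {"readall_monitor": {"opendistro_security_roles": ["readall_and_monitor", "alerting_full_access"]}}

if __name__ == "__main__":
    print(effective_roles("kibana-read", USERS, THREAD_MAPPING))
    print(lint(USERS, THREAD_MAPPING))
    print(effective_roles("kibana-read", USERS, FIXED_MAPPING))
```

In this model a mapping entry under backend_roles only matches a backend role the user holds, so putting the username there grants nothing, while either a users entry or the opendistro_security_roles list on the user does.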