Home > database >  Action failed with 'security_exception: [security_exception] Reason: action [indices:admin/crea
Action failed with 'security_exception: [security_exception] Reason: action [indices:admin/crea

Time:07-14

I am trying to install elastic search and kibana on windows machine. After starting elastic search elastic search is working fine. But if i started kibana server it showing below erros:

[2022-07-08T17:21:28.195 05:30][INFO ][savedobjects-service] Starting saved objects migrations
[2022-07-08T17:21:28.231 05:30][INFO ][savedobjects-service] [.kibana] INIT -> CREATE_NEW_TARGET. took: 18ms.
[2022-07-08T17:21:28.235 05:30][INFO ][savedobjects-service] [.kibana_task_manager] INIT -> CREATE_NEW_TARGET. took: 20ms.
[2022-07-08T17:21:28.245 05:30][ERROR][savedobjects-service] [.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: action [indices:admin/create] is unauthorized for user [kunal] with roles [monitoring,network,admins,demorole] on restricted indices [.kibana_task_manager_8.3.2_001], this action is granted by the index privileges [create_index,manage,all]'. Retrying attempt 1 in 2 seconds.
[2022-07-08T17:21:28.246 05:30][INFO ][savedobjects-service] [.kibana_task_manager] CREATE_NEW_TARGET -> CREATE_NEW_TARGET. took: 10ms.
[2022-07-08T17:21:28.248 05:30][ERROR][savedobjects-service] [.kibana] Action failed with 'security_exception: [security_exception] Reason: action [indices:admin/create] is unauthorized for user [kunal] with roles [monitoring,network,admins,demorole] on restricted indices [.kibana_8.3.2_001], this action is granted by the index privileges [create_index,manage,all]'. Retrying attempt 1 in 2 seconds.
[2022-07-08T17:21:28.248 05:30][INFO ][savedobjects-service] [.kibana] CREATE_NEW_TARGET -> CREATE_NEW_TARGET. took: 18ms.
[2022-07-08T17:21:30.276 05:30][ERROR][savedobjects-service] [.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: action [indices:admin/create] is unauthorized for user [kunal] with roles [monitoring,network,admins,demorole] on restricted indices [.kibana_task_manager_8.3.2_001], this action is granted by the index privileges [create_index,manage,all]'. Retrying attempt 2 in 4 seconds.
[2022-07-08T17:21:30.277 05:30][INFO ][savedobjects-service] [.kibana_task_manager] CREATE_NEW_TARGET -> CREATE_NEW_TARGET. took: 2031ms.
[2022-07-08T17:21:30.284 05:30][ERROR][savedobjects-service] [.kibana] Action failed with 'security_exception: [security_exception] Reason: action [indices:admin/create] is unauthorized for user [kunal] with roles [monitoring,network,admins,demorole] on restricted indices [.kibana_8.3.2_001], this action is granted by the index privileges [create_index,manage,all]'. Retrying attempt 2 in 4 seconds.
[2022-07-08T17:21:30.285 05:30][INFO ][savedobjects-service] [.kibana] CREATE_NEW_TARGET -> CREATE_NEW_TARGET. took: 2036ms.
[2022-07-08T17:21:34.311 05:30][ERROR][savedobjects-service] [.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: action [indices:admin/create] is unauthorized for user [kunal] with roles [monitoring,network,admins,demorole] on restricted indices [.kibana_task_manager_8.3.2_001], this action is granted by the index privileges [create_index,manage,all]'. Retrying attempt 3 in 8 seconds.
[2022-07-08T17:21:34.313 05:30][INFO ][savedobjects-service] [.kibana_task_manager] CREATE_NEW_TARGET -> CREATE_NEW_TARGET. took: 4035ms.
[2022-07-08T17:21:34.321 05:30][ERROR][savedobjects-service] [.kibana] Action failed with 'security_exception: [security_exception] Reason: action [indices:admin/create] is unauthorized for user [kunal] with roles [monitoring,network,admins,demorole] on restricted indices [.kibana_8.3.2_001], this action is granted by the index privileges [create_index,manage,all]'. Retrying attempt 3 in 8 seconds.

Please find my elastic search files: roles.yml

# The default roles file is empty as the preferred method of defining roles is
# through the API/UI. File based roles are useful in error scenarios when the
# API based roles may not be available.
admins:
  cluster:
    - all
  indices:
    - names:
        - "*"
      privileges:
        - all
devs:
  cluster:
    - manage
  indices:
    - names:
        - "*"
      privileges:
        - write
        - delete
        - create_index

users_roles file

monitoring:kunal
network:kunal
admins:kunal

I have using user kunal from kibana for authentication.

I am not able to figure out what is the permission error here because for admins user i have given all privliges.

CodePudding user response:

Tldr;

Delete kibana.index in your kibana.yml file.

To solve

I feel like you have modified the default name for internal kibana index. By default it is .kibana but your's .kibana_task_manager_8.3.2_001

Which lead me to believe.

  1. you are using v 8.3.2
  2. you change the kibana.index setting

But this is deprecated. [doc]

Also you have an issue talking about this.

disclaimer:

I haven't seen you kibana.yml file.

CodePudding user response:

Please check your ...\elasticsearch-8.3.2\config\elasticsearch.yml as well. Here's my configuration. Hope that helps.

# Enable security features

xpack.security.enabled: false

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:

enabled: false

keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:

enabled: false

verification_mode: certificate

keystore.path: certs/transport.p12

truststore.path: certs/transport.p12

# Create a new cluster with the current node only
# Additional nodes can still join the cluster later

cluster.initial_master_nodes: ["Node1"]
  • Related