New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Filter panel doesn't get populated with field values on alias index for non-super user #111642
Comments
Pinging @elastic/kibana-app-services (Team:AppServices) |
Bhavya and I worked on this and figured out that the user needs I don't really know if the issue is in Kibana or Elasticsearch. It could be that Kibana is dereferencing the alias to the index name and querying Elasticsearch with the index name? Or that Elasticsearch is checking the user privs on the index instead of the alias? |
Pinging @elastic/kibana-data-discovery (Team:DataDiscovery) |
This seems to be a fairly significant issue on Discover - user may not be able to see what then need in Discover even while they are able to see this data elsewhere (Dev Tools for example). Security team suggested that we should require administrators to grant both read and view_index_metadata. For a while Discover worked with just read if the index pattern already existed. However now that the field cache is gone from the index pattern/data view, we really require view_index_metadata for Discover to function. Perhaps it's time to make this change? |
Would it be worthwhile to reexamine why |
Removing the Discover labels here. There seems to be no Discover specific details to this (unless I missunderstand the issue)? It's caused by index patterns and the search bar, both owned by app services. |
@mattkime I'm trying to find it in the older version docs but haven't found it yet. But I know those 2 privs have been required when creating index patterns in Kibana for a really long time. I think even before we combined the security plugin (Shield) into x-pack. |
Kibana version: 7.15.0 , 7.14.1
Elasticsearch version: 7.15.0, 7.14.1
Server OS version: darwin_x86_64
Browser version: chrome latest
Browser OS version: OS X
Original install method (e.g. download page, yum, from source, etc.): from staging
Describe the bug: If a non-super user tries to build a filter using alias fields - Kibana displays empty for field values drop down.
Please note the same filter panel works fine for super user.
This is a regression in 7.14.1. Worked fine in 7.13.4
Alias index:
Empty filter panel:
These are my role details:
GET /_security/role/aliasrole
This bug is the result of a support ticket linked. Please note this doesn't work in 7.15.0 & 7.14.1 but works in 7.13.x. Can we also get some tests along with the fix?
The text was updated successfully, but these errors were encountered: