Discover: [security_exception] no permissions for indices:data/read/msearch

Environment

• Red Hat OpenShift Container Platform (OCP)
  • 3.4
  • 3.5

Issue

• Trying to view logs in Elasticsearch via Kibana.
• Getting a security exception even though I have permissions.
• Added a user to a group that has cluster-admin privileges but still cannot see an index.

Discover: [security_exception] no permissions for indices:data/read/field_stats

Discover: [security_exception] no permissions for indices:data/read/msearch

Resolution

• In old versions of OCP (pre-3.6), this simply means there are no logs in this index/time frame. Extend the time frame or choose a different index.
• If logs should exist, make sure the user has permissions.
• If using groups to provide permissions, it is required to upgrade to OCP 3.6
• Workaround is to grant permission directly to user:

// Grant admin on one project
$ oc adm policy add-role-to-user admin [user] -n [mynamespace]

// Grant admin on all projects
$ oc adm policy add-cluster-role-to-user admin [user]

Root Cause

• Older versions of OCP display a security warning when viewing empty index/timeframe combinations

  • This is a This content is not included.known bug
  • This is in 3.6

• This can also be caused by the user not having permissions

  • Can still happen even when a user is added to a group that has cluster-admin privileges or other privileges
  • This is caused by a This content is not included.known bug
  • Fixed in 3.6

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.