Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kibana.defaultAppId for valid app but with specific role creates endless redirect loop #52298

Closed
ajoliveira opened this issue Dec 5, 2019 · 2 comments
Closed

kibana.defaultAppId for valid app but with specific role creates endless redirect loop #52298

ajoliveira opened this issue Dec 5, 2019 · 2 comments
Labels
bug Fixes for quality problems that affect the customer experience Team:Visualizations Visualization editors, elastic-charts and infrastructure v7.4.2

Comments

@ajoliveira
Copy link

Kibana version: 7.4.2

Elasticsearch version: 7.4.2

Server OS version: macOS Mojave 10.14.6

Browser version: Version 78.0.3904.108 (Official Build) (64-bit)

Browser OS version: macOS Mojave 10.14.6

Original install method (e.g. download page, yum, from source, etc.): tar.gz

Describe the bug: Related to #49495 ...
Since we are deprecating the kibana_dashboard_only_user role, if you create your own dashboard only user role via privileges as recommended, and have a valid defaultAppId value set:
kibana.defaultAppId: "discover"

You still end up in a situation where the browser loops after logging in and you can never get to your dashboards.

Steps to reproduce:

  1. Create role for user that limits them to dashboard/canvas, etc.
# GET _security/role/my_dashboard_only
{
  "my_dashboard_only" : {
    "cluster" : [ ],
    "indices" : [ ],
    "applications" : [
      {
        "application" : "kibana-.kibana",
        "privileges" : [
          "feature_dashboard.read",
          "feature_canvas.read"
        ],
        "resources" : [
          "space:default"
        ]
      }
    ],
    "run_as" : [ ],
    "metadata" : { },
    "transient_metadata" : {
      "enabled" : true
    }
  }
}
  1. Assign role to user(s) with any other roles for specific indices, etc.
  2. Login as user with this my_dashboard_only role, browser will continuously loop

Expected behavior: User should be able to view Canvas/Dasboards as defined in role and not be routed to 'discover' plugin.
@ajoliveira ajoliveira added bug Fixes for quality problems that affect the customer experience Team:Visualizations Visualization editors, elastic-charts and infrastructure v7.4.2 labels Dec 5, 2019
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-app (Team:KibanaApp)

@stratoula stratoula mentioned this issue Aug 30, 2021
Closed
@stratoula
Copy link
Contributor

As we removed defaultAppId here #109798 I am closing it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Fixes for quality problems that affect the customer experience Team:Visualizations Visualization editors, elastic-charts and infrastructure v7.4.2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ajoliveira @elasticmachine @stratoula