Description of problem: The cluster-admin user couldn't save the search record. Version-Release number of selected component (if applicable): logging v3.6.173.0.33 How reproducible: always Steps to Reproduce: 1. oadm policy add-cluster-role-to-user cluster-admin admin 2. login kibana with 'admin' 3. save record Discover->save search Actual results: Discover: Request to Elasticsearch failed: "[security_exception] no permissions for indices:data/write/index" Error: Request to Elasticsearch failed: "[security_exception] no permissions for indices:data/write/index" KbnError@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:57511:21 RequestFailure@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:57544:6 __WEBPACK_AMD_DEFINE_RESULT__</</</<@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:97666:16 processQueue@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:42452:29 scheduleProcessQueue/<@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:42468:28 $RootScopeProvider/this.$get</Scope.prototype.$eval@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:43696:17 $RootScopeProvider/this.$get</Scope.prototype.$digest@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:43507:16 $RootScopeProvider/this.$get</Scope.prototype.$apply@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:43804:14 done@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:38253:37 completeRequest@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:38451:8 requestLoaded@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:38392:10 Expected results: Additional info: The common user can save record.
I am trying to reproduce and so far unsuccessfully. I can safe the search for both regular user as well as cluster-admin. Could you please provide from project 'logging' $ oc get pod -o yaml and ansible inventory?
I meet similar issue on OCP 3.7 when using shared_ops mode -- the unique mode worked fine, as is described here: https://bugzilla.redhat.com/show_bug.cgi?id=1492576
As Xia pointed out, it really is the same issue. Jeff created a fix for this in a PR https://github.com/openshift/origin-aggregated-logging/pull/641
*** This bug has been marked as a duplicate of bug 1476062 ***
@Jeff, Won't we fix this issue in v3.6?
There is an open PR https://github.com/openshift/origin-aggregated-logging/pull/641 to backport to 3.6