Description of problem: Similar to issue [1] resolved by errata [2] for 3.11.146, except this customer has upgraded to 3.11.146 and is experiencing the issue with ADMIN users. Oddly enough, cluster-view users are NOT seeing the problem, it's only cluster-admin users. As a cluster-admin accessing Kibana, users are attempting to locate indices for a project called "ecpi" however they are not able to view due to "[security_exception] no permissions for [indices:data/read/field]" message at top of screen. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1752853 [2] https://access.redhat.com/errata/RHBA-2019:2816 Version-Release number of selected component (if applicable): 3.11.146 How reproducible: No change after resetting affected users kibana user indices; verified "ecpi" project index is healthy; verified ES is healthy; no logs in ES master logs are helpful and kibana logs just show "200" results for each line Steps to Reproduce: 1. As cluster-admin user, open Kibana and attempt to view project logs for "ecpi" 2. Get "no permissions" message at top of screen 3. As cluster-view user, open Kibana and attempt to view project logs for "ecpi" 4. Successful, no issues reported. Actual results: Every cluster-admin user tested has this same issue, and it is only affecting the project "ecpi" as the admins are able to see the other project logs without issue. No cluster-view users affected. Expected results: Cluster-admin users should be able to see this project's logs Additional info: Privately attaching several logging dump script results and screenshots provided by customer
Customer has escalated the SFDC ticket requesting workaround.
Please confirm it is not a browser session issue: https://bugzilla.redhat.com/show_bug.cgi?id=1791837#c29
Closing NOTABUG since the customer closed the case based on #c13
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days