It can be that the user has some saved objects that are trying to query something from a project, which doesn't exist anymore (or where you don't have access to it anymore). You can delete the .kibana Index to restore access:
See here: https://access.redhat.com/solutions/3722751 oc -n openshift-logging exec -c elasticsearch $(oc -n openshift-logging get pod --selector='component=es' --no-headers=true | cut -d' ' -f 1) -- es_util --query=.kibana.$(printf "%s" YOUR_USER | sha1sum | awk '{print $1}') -XDELETE If the index calculation was right, you’ll get {"acknowledged":true} As an output. And afterwards it should work again. This will delete any saved dashboards, queries and so on for that user. best Marcel On Wed, 17 Jul 2019 at 00:04, Jeff Cantrill <[email protected]> wrote: > We have some recent issues logged against this which are related to load > and the number of projects which a user can view. This [1] is a high level > document which may be of interest to you on how the permissions are > generated and what constitutes an 'admin user' > > [1] > https://github.com/openshift/origin-aggregated-logging/blob/master/docs/access-control.md#role-definitions-and-permissions > > > On Tue, Jul 16, 2019 at 11:05 AM Shane Ripley <[email protected]> > wrote: > >> Greetings, I have a permissions issue with Kibana that I can't seem to >> figure out. I've reviewed all the settings that I can think of, but nothing >> seems to be wrong. >> >> The domains user is the admin of several projects, and up until recently, >> was able to view logs in kibana for all of its projects. I have no idea >> what changed, but now I can no longer view any logs. >> >> [security_exception] no permissions for [indices:data/read/search] and >> User [name=domains .... >> >> >> oc describe rolebinding.rbac -n domains-dev |more >> >> Name: admin >> Labels: <none> >> Annotations: <none> >> Role: >> Kind: ClusterRole >> Name: admin >> Subjects: >> Kind Name Namespace >> ---- ---- --------- >> User domains >> >> I'm at a loss as to what to check next. Other users can view logs, so the >> issue seems to be limited to just the domains user. >> >> I've redeployed the openshift-logging project and ouath/kibana pod but >> that didn't seem to help. >> >> Thanks. >> >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> > > > -- > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
