Can´t start Kibana because the superuser "elastic" can´t write indexes

Question

I installed elasticsearch and Kibana on Ubuntu 22.04.3 LTS. I just want to try Kibana on my PC, but I activated security as I want to install Elastic Agent.

The problem is that when I start Kibana I get:

waitForDeleteByQueryTask task failed with the following error:

\n{"type":"security_exception","reason":"action [indices:data/write/delete/byquery] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.kibana_alerting_cases_8.12.0_001], this action is granted by the index privileges [delete,write,all]"}

Then I get similar errors refered to many other indexes:

• .kibana_8.12.0_001
• .kibana_ingest_8.12.0_001
• .kibana_security_solution_8.12.0_001
• etc.

On kibana.yml I have:

server.host: localhost

elasticsearch.hosts: ["https://elastic:<password>@localhost:9200"]

elasticsearch.username: "kibana_system"
elasticsearch.password: "<password>"

elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/elasticsearch-ca.pem" ]

pid.file: /run/kibana/kibana.pid

xpack.fleet.registryProxyUrl: <proxy>

xpack.security.encryptionKey: <key>
xpack.encryptedSavedObjects.encryptionKey: <key>
xpack.reporting.encryptionKey: <key>

How can I solve it?

Answer 1

s unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.kibana_alerting_cases_8.12.0_001],

This part says your built-in user elastic can not operate on system index of kibana_alerting_cases. The system indices starts with a dot.

Normally roles are created under Stack Management then roles on Kibana. Roles can be assigned to the users (also under Stack Management but under Users).

Please check if the user is allowed to work on this index.