diff --git a/docs/management/watcher-ui/index.asciidoc b/docs/management/watcher-ui/index.asciidoc index 79db96d759aa5..44610a2fd3426 100644 --- a/docs/management/watcher-ui/index.asciidoc +++ b/docs/management/watcher-ui/index.asciidoc @@ -34,7 +34,7 @@ If the {es} {security-features} are enabled, you must have the {ref}/security-privileges.html[`manage_watcher` or `monitor_watcher`] cluster privileges to use Watcher in {kib}. -Alternately, you can have the built-in `kibana_user` role +Alternately, you can have the built-in `kibana_admin` role and either of these watcher roles: * `watcher_admin`. You can perform all Watcher actions, including create and edit watches. diff --git a/docs/uptime-guide/security.asciidoc b/docs/uptime-guide/security.asciidoc index 2a960348b1e02..6651b33ea0e0e 100644 --- a/docs/uptime-guide/security.asciidoc +++ b/docs/uptime-guide/security.asciidoc @@ -42,7 +42,7 @@ PUT /_security/role/uptime === Assign the role to a user Next, you'll need to create a user with both the `uptime` role, and another role with sufficient {kibana-ref}/kibana-privileges.html[Kibana privileges], -such as the `kibana_user` role. +such as the `kibana_admin` role. You can do this with the following request: ["source","sh",subs="attributes,callouts"] @@ -50,7 +50,7 @@ You can do this with the following request: PUT /_security/user/jacknich { "password" : "j@rV1s", - "roles" : [ "uptime", "kibana_user" ], + "roles" : [ "uptime", "kibana_admin" ], "full_name" : "Jack Nicholson", "email" : "jacknich@example.com", "metadata" : { diff --git a/docs/user/monitoring/viewing-metrics.asciidoc b/docs/user/monitoring/viewing-metrics.asciidoc index 61bcb9a49c901..11516e32400fb 100644 --- a/docs/user/monitoring/viewing-metrics.asciidoc +++ b/docs/user/monitoring/viewing-metrics.asciidoc @@ -63,7 +63,7 @@ remote monitoring cluster, you must use credentials that are valid on both the -- -.. Create users that have the `monitoring_user` and `kibana_user` +.. Create users that have the `monitoring_user` and `kibana_admin` {ref}/built-in-roles.html[built-in roles]. . Open {kib} in your web browser. diff --git a/docs/user/security/authorization/index.asciidoc b/docs/user/security/authorization/index.asciidoc index d5ecb1072ffcd..5a80ae105d1b2 100644 --- a/docs/user/security/authorization/index.asciidoc +++ b/docs/user/security/authorization/index.asciidoc @@ -2,12 +2,11 @@ [[xpack-security-authorization]] === Granting access to {kib} -The Elastic Stack comes with the `kibana_user` {ref}/built-in-roles.html[built-in role], which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges. +The Elastic Stack comes with the `kibana_admin` {ref}/built-in-roles.html[built-in role], which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges. -When you assign a user multiple roles, the user receives a union of the roles’ privileges. Therefore, assigning the `kibana_user` role in addition to a custom role that grants Kibana privileges is ineffective because `kibana_user` has access to all the features in all spaces. +When you assign a user multiple roles, the user receives a union of the roles’ privileges. Therefore, assigning the `kibana_admin` role in addition to a custom role that grants Kibana privileges is ineffective because `kibana_admin` has access to all the features in all spaces. -NOTE: When running multiple tenants of Kibana by changing the `kibana.index` in your `kibana.yml`, -you cannot use `kibana_user` or `kibana_dashboard_only_user` to grant access. You must create custom roles that authorize the user for that specific tenant. Although multi-tenant installations are supported, the recommended approach to securing access to Kibana segments is to grant users access to specific spaces. +NOTE: When running multiple tenants of Kibana by changing the `kibana.index` in your `kibana.yml`, you cannot use `kibana_admin` to grant access. You must create custom roles that authorize the user for that specific tenant. Although multi-tenant installations are supported, the recommended approach to securing access to Kibana segments is to grant users access to specific spaces. [role="xpack"] [[kibana-role-management]] diff --git a/docs/user/security/reporting.asciidoc b/docs/user/security/reporting.asciidoc index 5f5d85fe8d3be..825580bdc772e 100644 --- a/docs/user/security/reporting.asciidoc +++ b/docs/user/security/reporting.asciidoc @@ -85,14 +85,14 @@ elasticsearch.username: 'custom_kibana_system' [[reporting-roles-user-api]] ==== With the user API This example uses the {ref}/security-api-put-user.html[user API] to create a user who has the -`reporting_user` role and the `kibana_user` role: +`reporting_user` role and the `kibana_admin` role: [source, sh] --------------------------------------------------------------- POST /_security/user/reporter { "password" : "x-pack-test-password", - "roles" : ["kibana_user", "reporting_user"], + "roles" : ["kibana_admin", "reporting_user"], "full_name" : "Reporting User" } --------------------------------------------------------------- @@ -106,11 +106,11 @@ roles on a per user basis, or assign roles to groups of users. By default, role mappings are configured in {ref}/mapping-roles.html[`config/shield/role_mapping.yml`]. For example, the following snippet assigns the user named Bill Murray the -`kibana_user` and `reporting_user` roles: +`kibana_admin` and `reporting_user` roles: [source,yaml] -------------------------------------------------------------------------------- -kibana_user: +kibana_admin: - "cn=Bill Murray,dc=example,dc=com" reporting_user: - "cn=Bill Murray,dc=example,dc=com" diff --git a/docs/user/security/securing-kibana.asciidoc b/docs/user/security/securing-kibana.asciidoc index 2d07b57bfabe1..b6b5248777f6b 100644 --- a/docs/user/security/securing-kibana.asciidoc +++ b/docs/user/security/securing-kibana.asciidoc @@ -104,7 +104,7 @@ You can manage privileges on the *Management / Security / Roles* page in {kib}. If you're using the native realm with Basic Authentication, you can assign roles using the *Management / Security / Users* page in {kib} or the {ref}/security-api.html#security-user-apis[user management APIs]. For example, -the following creates a user named `jacknich` and assigns it the `kibana_user` +the following creates a user named `jacknich` and assigns it the `kibana_admin` role: [source,js] @@ -112,7 +112,7 @@ role: POST /_security/user/jacknich { "password" : "t0pS3cr3t", - "roles" : [ "kibana_user" ] + "roles" : [ "kibana_admin" ] } -------------------------------------------------------------------------------- // CONSOLE diff --git a/x-pack/legacy/plugins/monitoring/public/views/access_denied/index.html b/x-pack/legacy/plugins/monitoring/public/views/access_denied/index.html index 8c67451b86f36..63cd4440ecf8a 100644 --- a/x-pack/legacy/plugins/monitoring/public/views/access_denied/index.html +++ b/x-pack/legacy/plugins/monitoring/public/views/access_denied/index.html @@ -15,9 +15,9 @@ class="kuiInfoPanelBody__message" i18n-id="xpack.monitoring.accessDenied.notAuthorizedDescription" i18n-default-message="You are not authorized to access Monitoring. To use Monitoring, you - need the privileges granted by both the `{kibanaUser}` and + need the privileges granted by both the `{kibanaAdmin}` and `{monitoringUser}` roles." - i18n-values="{ kibanaUser: 'kibana_user', monitoringUser: 'monitoring_user' }" + i18n-values="{ kibanaAdmin: 'kibana_admin', monitoringUser: 'monitoring_user' }" >
with user profile disabling "manageSpaces"

+ "kibanaAdmin": , diff --git a/x-pack/legacy/plugins/security/public/views/management/edit_role/components/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx b/x-pack/legacy/plugins/security/public/views/management/edit_role/components/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx index d324cf99c8418..0577efa6a1baf 100644 --- a/x-pack/legacy/plugins/security/public/views/management/edit_role/components/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx +++ b/x-pack/legacy/plugins/security/public/views/management/edit_role/components/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx @@ -96,13 +96,13 @@ class SpaceAwarePrivilegeSectionUI extends Component { ), diff --git a/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/filebeat.ts b/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/filebeat.ts index b46cecdc762b7..a5877f6c34b8f 100644 --- a/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/filebeat.ts +++ b/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/filebeat.ts @@ -3132,7 +3132,7 @@ export const filebeatSchema: Schema = [ { name: 'user.roles', description: 'Roles to which the principal belongs', - example: ['kibana_user', 'beats_admin'], + example: ['kibana_admin', 'beats_admin'], type: 'keyword', }, { diff --git a/x-pack/legacy/plugins/transform/common/constants.ts b/x-pack/legacy/plugins/transform/common/constants.ts index c85408d3c5ce6..39138c12c8299 100644 --- a/x-pack/legacy/plugins/transform/common/constants.ts +++ b/x-pack/legacy/plugins/transform/common/constants.ts @@ -39,11 +39,11 @@ export const API_BASE_PATH = '/api/transform/'; // - dest index: index, create_index (can be applied to a pattern e.g. df-*) // // In the UI additional privileges are required: -// - kibana_user (builtin) +// - kibana_admin (builtin) // - dest index: monitor (applied to df-*) // - cluster: monitor // -// Note that users with kibana_user can see all Kibana index patterns and saved searches +// Note that users with kibana_admin can see all Kibana index patterns and saved searches // in the source selection modal when creating a transform, but the wizard will trigger // error callouts when there are no sufficient privileges to read the actual source indices. diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index edbfe4464a014..6be4f6fc5109f 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -10215,7 +10215,7 @@ "xpack.ml.validateJob.validateJobButtonLabel": "ジョブを検証", "xpack.monitoring.accessDenied.backToKibanaButtonLabel": "Kibana に戻る", "xpack.monitoring.accessDenied.clusterNotConfiguredDescription": "専用の監視クラスターへのアクセスを試みている場合、監視クラスターで構成されていないユーザーとしてログインしていることが原因である可能性があります。", - "xpack.monitoring.accessDenied.notAuthorizedDescription": "監視アクセスが許可されていません。監視を利用するには、「{kibanaUser}」と「{monitoringUser}」の両方のロールからの権限が必要です。", + "xpack.monitoring.accessDenied.notAuthorizedDescription": "監視アクセスが許可されていません。監視を利用するには、「{kibanaAdmin}」と「{monitoringUser}」の両方のロールからの権限が必要です。", "xpack.monitoring.accessDeniedTitle": "アクセス拒否", "xpack.monitoring.ajaxErrorHandler.httpErrorMessage": "HTTP {errStatus}", "xpack.monitoring.ajaxErrorHandler.requestErrorNotificationTitle": "監視リクエストエラー", @@ -12013,11 +12013,11 @@ "xpack.security.management.editRole.spaceAwarePrivilegeDisplay.spaceBasePrivilegeSource": "スペースベース権限", "xpack.security.management.editRole.spaceAwarePrivilegeDisplay.spaceFeaturePrivilegeSource": "スペース機能権限", "xpack.security.management.editRole.spaceAwarePrivilegeDisplay.unknownPrivilegeSource": "**不明**", - "xpack.security.management.editRole.spaceAwarePrivilegeForm.ensureAccountHasAllPrivilegesGrantedDescription": "{kibanaUser} ロールによりアカウントにすべての権限が提供されていることを確認し、再試行してください。", + "xpack.security.management.editRole.spaceAwarePrivilegeForm.ensureAccountHasAllPrivilegesGrantedDescription": "{kibanaAdmin} ロールによりアカウントにすべての権限が提供されていることを確認し、再試行してください。", "xpack.security.management.editRole.spaceAwarePrivilegeForm.globalSpacesName": "* グローバル (すべてのスペース)", "xpack.security.management.editRole.spaceAwarePrivilegeForm.howToViewAllAvailableSpacesDescription": "利用可能なすべてのスペースを表示する権限がありません。", "xpack.security.management.editRole.spaceAwarePrivilegeForm.insufficientPrivilegesDescription": "権限が不十分です", - "xpack.security.management.editRole.spaceAwarePrivilegeForm.kibanaUserTitle": "kibana_user", + "xpack.security.management.editRole.spaceAwarePrivilegeForm.kibanaAdminTitle": "kibana_admin", "xpack.security.management.editRole.spacePrivilegeForm.allPrivilegeDetails": "選択されたスペースの全機能への完全アクセスを許可します。", "xpack.security.management.editRole.spacePrivilegeForm.allPrivilegeDisplay": "すべて", "xpack.security.management.editRole.spacePrivilegeForm.allPrivilegeDropdownDisplay": "すべて", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index d3d24b1c35651..c54457e9dc774 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -10216,7 +10216,7 @@ "xpack.ml.validateJob.validateJobButtonLabel": "验证作业", "xpack.monitoring.accessDenied.backToKibanaButtonLabel": "返回 Kibana", "xpack.monitoring.accessDenied.clusterNotConfiguredDescription": "如果您尝试访问专用监测集群,则这可能是因为该监测集群上未配置您登录时所用的用户帐户。", - "xpack.monitoring.accessDenied.notAuthorizedDescription": "您无权访问 Monitoring。要使用 Monitoring,您同时需要 `{kibanaUser}` 和 `{monitoringUser}` 角色授予的权限。", + "xpack.monitoring.accessDenied.notAuthorizedDescription": "您无权访问 Monitoring。要使用 Monitoring,您同时需要 `{kibanaAdmin}` 和 `{monitoringUser}` 角色授予的权限。", "xpack.monitoring.accessDeniedTitle": "访问被拒绝", "xpack.monitoring.ajaxErrorHandler.httpErrorMessage": "HTTP {errStatus}", "xpack.monitoring.ajaxErrorHandler.requestErrorNotificationTitle": "Monitoring 请求错误", @@ -12014,11 +12014,11 @@ "xpack.security.management.editRole.spaceAwarePrivilegeDisplay.spaceBasePrivilegeSource": "工作区基本权限", "xpack.security.management.editRole.spaceAwarePrivilegeDisplay.spaceFeaturePrivilegeSource": "全局功能权限", "xpack.security.management.editRole.spaceAwarePrivilegeDisplay.unknownPrivilegeSource": "**未知**", - "xpack.security.management.editRole.spaceAwarePrivilegeForm.ensureAccountHasAllPrivilegesGrantedDescription": "请确保您的帐户具有 {kibanaUser} 角色授予的所有权限,然后重试。", + "xpack.security.management.editRole.spaceAwarePrivilegeForm.ensureAccountHasAllPrivilegesGrantedDescription": "请确保您的帐户具有 {kibanaAdmin} 角色授予的所有权限,然后重试。", "xpack.security.management.editRole.spaceAwarePrivilegeForm.globalSpacesName": "* 全局(所有工作区)", "xpack.security.management.editRole.spaceAwarePrivilegeForm.howToViewAllAvailableSpacesDescription": "您无权查看所有可用工作区。", "xpack.security.management.editRole.spaceAwarePrivilegeForm.insufficientPrivilegesDescription": "权限不足", - "xpack.security.management.editRole.spaceAwarePrivilegeForm.kibanaUserTitle": "kibana_user", + "xpack.security.management.editRole.spaceAwarePrivilegeForm.kibanaAdminTitle": "kibana_admin", "xpack.security.management.editRole.spacePrivilegeForm.allPrivilegeDetails": "授予对选定工作区所有功能的完全访问权限。", "xpack.security.management.editRole.spacePrivilegeForm.allPrivilegeDisplay": "全部", "xpack.security.management.editRole.spacePrivilegeForm.allPrivilegeDropdownDisplay": "全部", diff --git a/x-pack/test/api_integration/apis/console/feature_controls.ts b/x-pack/test/api_integration/apis/console/feature_controls.ts index 3f9a086779437..ce926f0d032c8 100644 --- a/x-pack/test/api_integration/apis/console/feature_controls.ts +++ b/x-pack/test/api_integration/apis/console/feature_controls.ts @@ -43,6 +43,29 @@ export default function securityTests({ getService }: FtrProviderContext) { } }); + it('can be accessed by kibana_admin role', async () => { + const username = 'kibana_admin'; + const roleName = 'kibana_admin'; + try { + const password = `${username}-password`; + + await security.user.create(username, { + password, + roles: [roleName], + full_name: 'a kibana admin', + }); + + await supertest + .post(`/api/console/proxy?method=GET&path=${encodeURIComponent('/_cat')}`) + .auth(username, password) + .set('kbn-xsrf', 'xxx') + .send() + .expect(200); + } finally { + await security.user.delete(username); + } + }); + it('can be accessed by global all role', async () => { const username = 'global_all'; const roleName = 'global_all'; diff --git a/x-pack/test/api_integration/apis/monitoring/setup/collection/security.js b/x-pack/test/api_integration/apis/monitoring/setup/collection/security.js index 7e6a2dbe31965..4da08d7cb9726 100644 --- a/x-pack/test/api_integration/apis/monitoring/setup/collection/security.js +++ b/x-pack/test/api_integration/apis/monitoring/setup/collection/security.js @@ -44,7 +44,7 @@ export default function({ getService }) { await security.user.create(username, { password: password, full_name: 'Limited User', - roles: ['kibana_user', 'monitoring_user'], + roles: ['kibana_admin', 'monitoring_user'], }); const { body } = await supertestWithoutAuth diff --git a/x-pack/test/api_integration/apis/short_urls/feature_controls.ts b/x-pack/test/api_integration/apis/short_urls/feature_controls.ts index db5e11ef367ad..35a6f2c2b382a 100644 --- a/x-pack/test/api_integration/apis/short_urls/feature_controls.ts +++ b/x-pack/test/api_integration/apis/short_urls/feature_controls.ts @@ -12,8 +12,8 @@ export default function featureControlsTests({ getService }: FtrProviderContext) const security = getService('security'); describe('feature controls', () => { - const kibanaUsername = 'kibana_user'; - const kibanaUserRoleName = 'kibana_user'; + const kibanaUsername = 'kibana_admin'; + const kibanaUserRoleName = 'kibana_admin'; const kibanaUserPassword = `${kibanaUsername}-password`; diff --git a/x-pack/test/functional/apps/dashboard_mode/dashboard_view_mode.js b/x-pack/test/functional/apps/dashboard_mode/dashboard_view_mode.js index bab798dacc453..e00f8246c4f69 100644 --- a/x-pack/test/functional/apps/dashboard_mode/dashboard_view_mode.js +++ b/x-pack/test/functional/apps/dashboard_mode/dashboard_view_mode.js @@ -91,7 +91,7 @@ export default function({ getService, getPageObjects }) { await testSubjects.setValue('userFormFullNameInput', 'mixeduser'); await testSubjects.setValue('userFormEmailInput', 'example@example.com'); await PageObjects.security.assignRoleToUser('kibana_dashboard_only_user'); - await PageObjects.security.assignRoleToUser('kibana_user'); + await PageObjects.security.assignRoleToUser('kibana_admin'); await PageObjects.security.assignRoleToUser('logstash-data'); await PageObjects.security.clickSaveEditUser(); diff --git a/x-pack/test/functional/apps/security/doc_level_security_roles.js b/x-pack/test/functional/apps/security/doc_level_security_roles.js index d9d664f6c6935..09b133bab0d5a 100644 --- a/x-pack/test/functional/apps/security/doc_level_security_roles.js +++ b/x-pack/test/functional/apps/security/doc_level_security_roles.js @@ -58,11 +58,11 @@ export default function({ getService, getPageObjects }) { fullname: 'dls EAST', email: 'dlstest@elastic.com', save: true, - roles: ['kibana_user', 'myroleEast'], + roles: ['kibana_admin', 'myroleEast'], }); const users = indexBy(await PageObjects.security.getElasticsearchUsers(), 'username'); log.debug('actualUsers = %j', users); - expect(users.userEast.roles).to.eql(['kibana_user', 'myroleEast']); + expect(users.userEast.roles).to.eql(['kibana_admin', 'myroleEast']); expect(users.userEast.reserved).to.be(false); }); diff --git a/x-pack/test/functional/apps/security/field_level_security.js b/x-pack/test/functional/apps/security/field_level_security.js index a0cf71d26298f..08969a469ae0d 100644 --- a/x-pack/test/functional/apps/security/field_level_security.js +++ b/x-pack/test/functional/apps/security/field_level_security.js @@ -79,11 +79,11 @@ export default function({ getService, getPageObjects }) { fullname: 'customer one', email: 'flstest@elastic.com', save: true, - roles: ['kibana_user', 'a_viewssnrole'], + roles: ['kibana_admin', 'a_viewssnrole'], }); const users = indexBy(await PageObjects.security.getElasticsearchUsers(), 'username'); log.debug('actualUsers = %j', users); - expect(users.customer1.roles).to.eql(['kibana_user', 'a_viewssnrole']); + expect(users.customer1.roles).to.eql(['kibana_admin', 'a_viewssnrole']); }); it('should add new user customer2 ', async function() { @@ -95,11 +95,11 @@ export default function({ getService, getPageObjects }) { fullname: 'customer two', email: 'flstest@elastic.com', save: true, - roles: ['kibana_user', 'a_view_no_ssn_role'], + roles: ['kibana_admin', 'a_view_no_ssn_role'], }); const users = indexBy(await PageObjects.security.getElasticsearchUsers(), 'username'); log.debug('actualUsers = %j', users); - expect(users.customer2.roles).to.eql(['kibana_user', 'a_view_no_ssn_role']); + expect(users.customer2.roles).to.eql(['kibana_admin', 'a_view_no_ssn_role']); }); it('user customer1 should see ssn', async function() { diff --git a/x-pack/test/functional/apps/security/secure_roles_perm.js b/x-pack/test/functional/apps/security/secure_roles_perm.js index ece289b4a666e..4e155872d1041 100644 --- a/x-pack/test/functional/apps/security/secure_roles_perm.js +++ b/x-pack/test/functional/apps/security/secure_roles_perm.js @@ -61,13 +61,13 @@ export default function({ getService, getPageObjects }) { fullname: 'RashmiFirst RashmiLast', email: 'rashmi@myEmail.com', save: true, - roles: ['logstash_reader', 'kibana_user'], + roles: ['logstash_reader', 'kibana_admin'], }); log.debug('After Add user: , userObj.userName'); const users = indexBy(await PageObjects.security.getElasticsearchUsers(), 'username'); log.debug('actualUsers = %j', users); log.debug('roles: ', users.Rashmi.roles); - expect(users.Rashmi.roles).to.eql(['logstash_reader', 'kibana_user']); + expect(users.Rashmi.roles).to.eql(['logstash_reader', 'kibana_admin']); expect(users.Rashmi.fullname).to.eql('RashmiFirst RashmiLast'); expect(users.Rashmi.reserved).to.be(false); await PageObjects.security.forceLogout(); diff --git a/x-pack/test/functional/apps/security/user_email.js b/x-pack/test/functional/apps/security/user_email.js index 492eddcfb9f74..a007c40a06b62 100644 --- a/x-pack/test/functional/apps/security/user_email.js +++ b/x-pack/test/functional/apps/security/user_email.js @@ -27,11 +27,11 @@ export default function({ getService, getPageObjects }) { fullname: 'newuserFirst newuserLast', email: 'newuser@myEmail.com', save: true, - roles: ['kibana_user', 'superuser'], + roles: ['kibana_admin', 'superuser'], }); const users = indexBy(await PageObjects.security.getElasticsearchUsers(), 'username'); log.debug('actualUsers = %j', users); - expect(users.newuser.roles).to.eql(['kibana_user', 'superuser']); + expect(users.newuser.roles).to.eql(['kibana_admin', 'superuser']); expect(users.newuser.fullname).to.eql('newuserFirst newuserLast'); expect(users.newuser.email).to.eql('newuser@myEmail.com'); expect(users.newuser.reserved).to.be(false); diff --git a/x-pack/test/functional/apps/security/users.js b/x-pack/test/functional/apps/security/users.js index 3eed74881e957..9dc42553f0fdf 100644 --- a/x-pack/test/functional/apps/security/users.js +++ b/x-pack/test/functional/apps/security/users.js @@ -42,11 +42,11 @@ export default function({ getService, getPageObjects }) { fullname: 'LeeFirst LeeLast', email: 'lee@myEmail.com', save: true, - roles: ['kibana_user'], + roles: ['kibana_admin'], }); const users = indexBy(await PageObjects.security.getElasticsearchUsers(), 'username'); log.debug('actualUsers = %j', users); - expect(users.Lee.roles).to.eql(['kibana_user']); + expect(users.Lee.roles).to.eql(['kibana_admin']); expect(users.Lee.fullname).to.eql('LeeFirst LeeLast'); expect(users.Lee.email).to.eql('lee@myEmail.com'); expect(users.Lee.reserved).to.be(false); @@ -85,7 +85,7 @@ export default function({ getService, getPageObjects }) { expect(roles.apm_user.reserved).to.be(true); expect(roles.beats_admin.reserved).to.be(true); expect(roles.beats_system.reserved).to.be(true); - expect(roles.kibana_user.reserved).to.be(true); + expect(roles.kibana_admin.reserved).to.be(true); expect(roles.kibana_system.reserved).to.be(true); expect(roles.logstash_system.reserved).to.be(true); expect(roles.monitoring_user.reserved).to.be(true); diff --git a/x-pack/test/functional/page_objects/monitoring_page.js b/x-pack/test/functional/page_objects/monitoring_page.js index 6920010d67187..8de5b5e69d34d 100644 --- a/x-pack/test/functional/page_objects/monitoring_page.js +++ b/x-pack/test/functional/page_objects/monitoring_page.js @@ -14,7 +14,7 @@ export function MonitoringPageProvider({ getPageObjects, getService }) { // always create this because our tear down tries to delete it await security.user.create('basic_monitoring_user', { password: 'monitoring_user_password', - roles: ['monitoring_user', 'kibana_user'], + roles: ['monitoring_user', 'kibana_admin'], full_name: 'basic monitoring', }); diff --git a/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts b/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts index 0346da334d2f2..203f90c55aa82 100644 --- a/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts +++ b/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts @@ -38,7 +38,7 @@ export default function({ getService }: FtrProviderContext) { await getService('esSupertest') .post('/_security/role_mapping/krb5') .send({ - roles: ['kibana_user'], + roles: ['kibana_admin'], enabled: true, rules: { field: { 'realm.name': 'kerb1' } }, }) @@ -119,7 +119,7 @@ export default function({ getService }: FtrProviderContext) { .set('Cookie', sessionCookie.cookieString()) .expect(200, { username: 'tester@TEST.ELASTIC.CO', - roles: ['kibana_user'], + roles: ['kibana_admin'], full_name: null, email: null, metadata: { diff --git a/x-pack/test/pki_api_integration/apis/security/pki_auth.ts b/x-pack/test/pki_api_integration/apis/security/pki_auth.ts index 4eee900e68bec..186ed824b3b6c 100644 --- a/x-pack/test/pki_api_integration/apis/security/pki_auth.ts +++ b/x-pack/test/pki_api_integration/apis/security/pki_auth.ts @@ -48,7 +48,7 @@ export default function({ getService }: FtrProviderContext) { .post('/_security/role_mapping/first_client_pki') .ca(CA_CERT) .send({ - roles: ['kibana_user'], + roles: ['kibana_admin'], enabled: true, rules: { field: { dn: 'CN=first_client' } }, }) @@ -107,7 +107,7 @@ export default function({ getService }: FtrProviderContext) { expect(response.body).to.eql({ username: 'first_client', - roles: ['kibana_user'], + roles: ['kibana_admin'], full_name: null, email: null, enabled: true, diff --git a/x-pack/test_utils/kbn_server_config.ts b/x-pack/test_utils/kbn_server_config.ts index 75f5ac736b7c0..3cac6ed5df014 100644 --- a/x-pack/test_utils/kbn_server_config.ts +++ b/x-pack/test_utils/kbn_server_config.ts @@ -26,9 +26,9 @@ export const TestKbnServerConfig = { }, users: [ { - username: 'kibana_user', + username: 'kibana_admin', password: 'x-pack-test-password', - roles: ['kibana_user'], + roles: ['kibana_admin'], }, ], };