diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStore.java b/plugin/src/main/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStore.java
index c79c96e48b0..d3441947adb 100644
--- a/plugin/src/main/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStore.java
+++ b/plugin/src/main/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStore.java
@@ -40,7 +40,7 @@ public class ReservedRolesStore {
 MetadataUtils.DEFAULT_RESERVED_METADATA))
 .put("transport_client", new RoleDescriptor("transport_client", new String[] { "transport_client" }, null, null,
 MetadataUtils.DEFAULT_RESERVED_METADATA))
- .put("kibana_user", new RoleDescriptor("kibana_user", new String[] { "monitor" }, new RoleDescriptor.IndicesPrivileges[] {
+ .put("kibana_user", new RoleDescriptor("kibana_user", null, new RoleDescriptor.IndicesPrivileges[] {
 RoleDescriptor.IndicesPrivileges.builder().indices(".kibana*").privileges("manage", "read", "index", "delete")
 .build() }, null, MetadataUtils.DEFAULT_RESERVED_METADATA))
 .put("monitoring_user", new RoleDescriptor("monitoring_user", null, new RoleDescriptor.IndicesPrivileges[] {
diff --git a/plugin/src/test/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStoreTests.java b/plugin/src/test/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStoreTests.java
index cad4de59f25..729f95e4c06 100644
--- a/plugin/src/test/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStoreTests.java
+++ b/plugin/src/test/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStoreTests.java
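Review bot: The `kibana_user` entry in ReservedRolesStore.java now passes `null` for cluster privileges with nothing in the code saying this is deliberate, so a later edit could restore `monitor` without noticing that it widens a reserved role. A comment above the `.put("kibana_user", …)` line would pin the intent, for example `// kibana_user deliberately has no cluster privileges; only .kibana* index access is granted`. Dropping a privilege from a built-in role also changes authorization results for existing users on upgrade (the updated test shows cluster health, state and stats checks now failing), which seems worth a breaking-change or migration note; none is visible in this diff. The builder chain starts and ends outside the hunk.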
@@ -144,9 +144,9 @@ public class ReservedRolesStoreTests extends ESTestCase {
 assertThat(roleDescriptor.getMetadata(), hasEntry("_reserved", true));
 Role kibanaUserRole = Role.builder(roleDescriptor, null).build();
- assertThat(kibanaUserRole.cluster().check(ClusterHealthAction.NAME), is(true));
- assertThat(kibanaUserRole.cluster().check(ClusterStateAction.NAME), is(true));
- assertThat(kibanaUserRole.cluster().check(ClusterStatsAction.NAME), is(true));
+ assertThat(kibanaUserRole.cluster().check(ClusterHealthAction.NAME), is(false));
+ assertThat(kibanaUserRole.cluster().check(ClusterStateAction.NAME), is(false));
+ assertThat(kibanaUserRole.cluster().check(ClusterStatsAction.NAME), is(false));
 assertThat(kibanaUserRole.cluster().check(PutIndexTemplateAction.NAME), is(false));
 assertThat(kibanaUserRole.cluster().check(ClusterRerouteAction.NAME), is(false));
 assertThat(kibanaUserRole.cluster().check(ClusterUpdateSettingsAction.NAME), is(false));
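Review bot: The three flipped assertions sample only a few of the actions that `monitor` covered, so a narrower cluster privilege added back to `kibana_user` later could slip past this test. A direct check on the descriptor would pin the "no cluster privileges" intent, for example `assertThat(roleDescriptor.getClusterPrivileges(), emptyArray());`, assuming the constructor normalises a `null` argument to an empty array (not visible here). The test method starts and ends outside the hunk.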