403 @ _cat/indices when logged in as user in admin role

security

(Jon) #1

On elasticsearch + xpack 5.0.0 I'm getting a 403 when attempting to access index stats via _cat/indices when logged in as an admin user. I've repro'd through curl (curl --user elastic:<password> http://localhost:9200/_cat/indices/) as well as through the browser. Response returned is:

{ "error": { "root_cause": [ { "type": "security_exception", "reason": "action [indices:monitor/stats] is unauthorized for user [elastic]" } ], "type": "security_exception", "reason": "action [indices:monitor/stats] is unauthorized for user [elastic]" }, "status": 403 }

But I am able to gather stats for a specific index pattern e.g.: _cat/indices/packetbeat*. That returns:
yellow open packetbeat-2016.04.19 5 1 41863 0 19.9mb 19.9mb yellow open packetbeat-2016.04.14 5 1 8413 0 3.6mb 3.6mb yellow open packetbeat-2016.04.13 5 1 84243 0 30.5mb 30.5mb

User elastic is configured as admin role in ...config/x-pack/users_roles as follows:

admin:elastic

admin role is defined in roles.yml as follows:

``# All cluster rights

admin:
  cluster:
    - all
  indices:
    - names: '*'
      privileges:
        - all``
Is this a known issue?

Note: In a cluster I have in Elastic Cloud running ES 2.3.1 the same _cat/indices query returns the expected data when logged in as an admin user

(Jay Modi) #2

Hi Jon,

This is a known issue that affects 5.0 alpha 1 and 2.3.0/2.3.1 as well. This happens in 2.3 after creating user or role via the API. We have a fix that should be out soon.

-Jay


(system) #3