Hi All,
Have a strange issue. Using AD with Shield to authenticate users and have an account that is tied to a role that is not being allowed to carry out its actions.
With the account, I can execute a curl command against the basic URL (localhost:9200) and get back the status response fine (with status, cluster name, version etc), but when I do anything else, for instance localhost:9200/_cat/indices, I get an access granted message in the log for it:
[2016-10-03 11:09:48,086] [node-d01] [transport] [access_granted] origin_type=[rest], origin_address=[/192.168.1.18:37964], principal=[curator], action=[cluster:monitor/state], indices=[]
But in the response to the curl command I get an AuthorizationException:
{"error":"RemoteTransportException[[es-m01-node-m01][inet[/10.65.4.41:9300]][cluster:monitor/state]]; nested: AuthorizationException[action [cluster:monitor/state] is unauthorized for user [curator]]; ","status":403}
How is it possible that it's getting access granted and yet refused the action too!?
For reference, I've also now been trying this with the admin settings for that role (in roles.yml):
curator:
  cluster: monitor
  indices:
    '*': all