Action [indices:admin/create] is unauthorized for user

Hi,
I am trying to create an index but I get this error:

PUT toto-1 (curl -k -u "logstash:password" -X PUT "https://localhost:9200/toto-1")
{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [logstash] with effective roles [eck_logstash_user_role] on indices [toto-1], this action is granted by the index privileges [create_index,manage,all]"}],"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [logstash] with effective roles [eck_logstash_user_role] on indices [toto-1], this action is granted by the index privileges [create_index,manage,all]"},"status":403}

GET _security/user/logstash

{
  "logstash" : {
    "username" : "logstash",
    "roles" : [
      "eck_logstash_user_role"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : { },
    "enabled" : true
  }
}

GET _security/role/eck_logstash_user_role

{
  "eck_logstash_user_role" : {
    "cluster" : [
      "all"
    ],
    "indices" : [
      {
        "names" : [
          "toto-*"
        ],
        "privileges" : [
          "all"
        ],
        "allow_restricted_indices" : false
      }
    ],
    "applications" : [ ],
    "run_as" : [ ],
    "metadata" : { },
    "transient_metadata" : {
      "enabled" : true
    }
  }
}

Where is the problem? Any help is great.

Regards
Bruno

Hi @brunoflament, Welcome to the community.

What version?

What user were you logged in with when you created that role?

I ask just in case, because a user cannot create a role with more privileges than the logged-in user.

The API will accept creating the role, but when executed, it will be the intersection of the roles (the user creating the role and the role created / used).

1 Like

This is true for API keys, but not for users+roles. Users with manage_security can create a role that grants any access they wish, regardless of what access they themselves have.

2 Likes

Is it possible that there is a separate definition of that role stored in the roles.yml file in the configuration directory of the node?

If so, the file based role will take precedence.

You can check the user's effective privileges by calling:

curl -k -u "logstash" "https://localhost:9200/_security/user/_privileges"

If that doesn't match your eck_logstash_user_role then it probably means that the node is using a different role.

1 Like

Hello !

Yes !!

{"cluster":["cluster:admin/ingest/pipeline/get","manage_ilm","manage_index_templates","manage_logstash_pipelines","monitor","read_ilm"],"global":[],"indices":[{"names":["ecs-logstash","ecs-logstash-*","logs-*","logstash","logstash-*","metrics-*","synthetics-*","traces-*"],"privileges":["create_index","manage","read","view_index_metadata","write"],"allow_restricted_indices":false}],"applications":[],"run_as":[]}

The solution is: Configuration examples | Elastic Cloud on Kubernetes [2.9] | Elastic

Regards
Bruno Flament

1 Like
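The comparison suggested above, written out as an added example that is not part of the original posts: it checks whether the role returned by the role API and the privileges the node actually enforces agree on creating `toto-1`. The helper names (`name_matches`, `grants_create`, `diagnose`) are hypothetical, the sample data is constructed from the two responses quoted in this thread, and it assumes the user holds a single role and that patterns use only `*` wildcards.

```python
import re

# Constructed from the two responses quoted in this thread (fields trimmed).
ROLE_API = {  # GET _security/role/eck_logstash_user_role
    "cluster": ["all"],
    "indices": [{"names": ["toto-*"], "privileges": ["all"]}],
}
EFFECTIVE = {  # GET _security/user/_privileges, called as the logstash user
    "cluster": ["cluster:admin/ingest/pipeline/get", "manage_ilm",
                "manage_index_templates", "manage_logstash_pipelines",
                "monitor", "read_ilm"],
    "indices": [{"names": ["ecs-logstash", "ecs-logstash-*", "logs-*", "logstash",
                           "logstash-*", "metrics-*", "synthetics-*", "traces-*"],
                 "privileges": ["create_index", "manage", "read",
                                "view_index_metadata", "write"]}],
}
# Index privileges the 403 message lists as granting indices:admin/create.
CREATE_GRANTS = {"create_index", "manage", "all"}

def name_matches(pattern, index):
    """Match an index name against a role pattern; only '*' wildcards are handled."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, index) is not None

def grants_create(doc, index):
    """True if some indices entry covers `index` with a create-granting privilege."""
    return any(
        CREATE_GRANTS & set(entry["privileges"])
        and any(name_matches(p, index) for p in entry["names"])
        for entry in doc.get("indices", [])
    )

def diagnose(role_doc, effective_doc, index):
    """Compare the stored role with the privileges the node actually enforces."""
    stored = {n for e in role_doc["indices"] for n in e["names"]}
    live = {n for e in effective_doc["indices"] for n in e["names"]}
    return {
        "role_api_allows": grants_create(role_doc, index),
        "effective_allows": grants_create(effective_doc, index),
        "patterns_missing_at_runtime": sorted(stored - live),
        "cluster_differs": set(role_doc["cluster"]) != set(effective_doc["cluster"]),
    }

if __name__ == "__main__":
    print(diagnose(ROLE_API, EFFECTIVE, "toto-1"))
```

When `role_api_allows` is true but `effective_allows` is false, the role definition returned by the role API is not the one the node is applying, which is the situation described in this thread.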

Woah, I did not realize that. Today I learned!

Thanks @TimV !
