Action [indices:admin/flush[s]] is unauthorized for user [admin] with roles [superuser] on restricted indices [.kibana_task_manager_7.17.5_001], this action is granted by the index privileges [maintenance,manage,all]

Hello, guys!

I am running a rolling upgrade of a cluster from 7.17.5 to 8.3.2.

When I try to run GET /_flush, I receive this error in the response:

{
  "_shards" : {
    "total" : 148,
    "successful" : 77,
    "failed" : 10,
    "failures" : [
      {
        "shard" : 0,
        "index" : ".kibana_task_manager_7.17.5_001",
        "status" : "FORBIDDEN",
        "reason" : {
          "type" : "security_exception",
          "reason" : "action [indices:admin/flush[s]] is unauthorized for user [admin] with roles [superuser] on restricted indices [.kibana_task_manager_7.17.5_001], this action is granted by the index privileges [maintenance,manage,all]"
        }
      },
      {
        "shard" : 0,
        "index" : ".apm-custom-link",
        "status" : "FORBIDDEN",
        "reason" : {
          "type" : "security_exception",
          "reason" : "action [indices:admin/flush[s]] is unauthorized for user [admin] with roles [superuser] on restricted indices [.apm-custom-link], this action is granted by the index privileges [maintenance,manage,all]"
        }
      },
      {
        "shard" : 0,
        "index" : ".kibana_task_manager_1",
        "status" : "FORBIDDEN",
        "reason" : {
          "type" : "security_exception",
          "reason" : "action [indices:admin/flush[s]] is unauthorized for user [admin] with roles [superuser] on restricted indices [.kibana_task_manager_1], this action is granted by the index privileges [maintenance,manage,all]"
        }
      },
      {
        "shard" : 0,
        "index" : ".kibana_7.17.5_001",
        "status" : "FORBIDDEN",
        "reason" : {
          "type" : "security_exception",
          "reason" : "action [indices:admin/flush[s]] is unauthorized for user [admin] with roles [superuser] on restricted indices [.kibana_7.17.5_001], this action is granted by the index privileges [maintenance,manage,all]"
        }
      },
      {
        "shard" : 0,
        "index" : ".tasks",
        "status" : "FORBIDDEN",
        "reason" : {
          "type" : "security_exception",
          "reason" : "action [indices:admin/flush[s]] is unauthorized for user [admin] with roles [superuser] on restricted indices [.tasks], this action is granted by the index privileges [maintenance,manage,all]"
        }
      },
      {
        "shard" : 0,
        "index" : ".fleet-policies-7",
        "status" : "FORBIDDEN",
        "reason" : {
          "type" : "security_exception",
          "reason" : "action [indices:admin/flush[s]] is unauthorized for user [admin] with roles [superuser] on restricted indices [.fleet-policies-7], this action is granted by the index privileges [maintenance,manage,all]"
        }
      },
      {
        "shard" : 0,
        "index" : ".async-search",
        "status" : "FORBIDDEN",
        "reason" : {
          "type" : "security_exception",
          "reason" : "action [indices:admin/flush[s]] is unauthorized for user [admin] with roles [superuser] on restricted indices [.async-search], this action is granted by the index privileges [maintenance,manage,all]"
        }
      },
      {
        "shard" : 0,
        "index" : ".security-7",
        "status" : "FORBIDDEN",
        "reason" : {
          "type" : "security_exception",
          "reason" : "action [indices:admin/flush[s]] is unauthorized for user [admin] with roles [superuser] on restricted indices [.security-7], this action is granted by the index privileges [maintenance,manage,all]"
        }
      },
      {
        "shard" : 0,
        "index" : ".apm-agent-configuration",
        "status" : "FORBIDDEN",
        "reason" : {
          "type" : "security_exception",
          "reason" : "action [indices:admin/flush[s]] is unauthorized for user [admin] with roles [superuser] on restricted indices [.apm-agent-configuration], this action is granted by the index privileges [maintenance,manage,all]"
        }
      },
      {
        "shard" : 0,
        "index" : ".kibana_1",
        "status" : "FORBIDDEN",
        "reason" : {
          "type" : "security_exception",
          "reason" : "action [indices:admin/flush[s]] is unauthorized for user [admin] with roles [superuser] on restricted indices [.kibana_1], this action is granted by the index privileges [maintenance,manage,all]"
        }
      }
    ]
  }
}

The admin user is a superuser. In theory (and from my understanding, I could be wrong), this user should have all permissions in the cluster.

The output of the ./elasticsearch-users list command is:

admin : superuser

What should I do to resolve this problem?

Hi @Leonardo_Henrique

Run this...

GET _security/user/_privileges

I think you will see something like this...

  "indices": [
    {
      "names": [
        "*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": false  <!----- this is not for restricted indices...
    },
    {
      "names": [
        "*"
      ],
      "privileges": [
        "monitor",
        "read",
        "read_cross_cluster",
        "view_index_metadata"
      ],
      "allow_restricted_indices": true <!----- notice this: no write / manage etc
    }
  ],

So the superuser role does not grant everything...

If you want to _flush on all the system indices... you would need to create a role that allows that... manage for restricted indices...

This is by design to keep even super users from accidentally messing up their cluster.

See Here

Ohh and not all the volunteers on the site are Guys :slight_smile:
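
An added example, not part of the original thread: one way to turn the failures in the `_flush` response into the body of the narrowly scoped role the answer describes. The role name `flush_system_indices`, the function names, and the privilege preference order are assumptions; the sample response is constructed in the shape of the one in the question.

```python
import json
import re

# Constructed sample: two failures in the same shape as the GET /_flush
# response in the question.
_MSG = ("action [indices:admin/flush[s]] is unauthorized for user [admin] with roles "
        "[superuser] on restricted indices [{0}], this action is granted by the "
        "index privileges [maintenance,manage,all]")
FLUSH_RESPONSE = {"_shards": {"total": 148, "successful": 77, "failed": 2, "failures": [
    {"shard": 0, "index": name, "status": "FORBIDDEN",
     "reason": {"type": "security_exception", "reason": _MSG.format(name)}}
    for name in (".tasks", ".kibana_7.17.5_001")]}}

GRANTED_BY = re.compile(r"granted by the index privileges \[([^\]]+)\]")
# Assumption: ordered narrowest first, so the role gets no more than flush needs.
PREFERENCE = ("maintenance", "manage", "all")

def restricted_failures(resp):
    """Map each index denied by the restricted-index check to the privileges that grant the action."""
    out = {}
    for f in resp.get("_shards", {}).get("failures", []):
        reason = f.get("reason", {})
        text = reason.get("reason", "")
        if reason.get("type") != "security_exception" or "restricted indices" not in text:
            continue  # unrelated shard failure: a role will not fix it
        m = GRANTED_BY.search(text)
        out[f["index"]] = m.group(1).split(",") if m else []
    return out

def narrowest_privilege(failures):
    """Pick the least powerful privilege that every failing index accepts."""
    for priv in PREFERENCE:
        if failures and all(priv in granted for granted in failures.values()):
            return priv
    raise ValueError("no common privilege found in the error messages")

def role_body(failures):
    """Role body naming the failing indices explicitly instead of using '*'."""
    return {"indices": [{"names": sorted(failures),
                         "privileges": [narrowest_privilege(failures)],
                         "allow_restricted_indices": True}]}

if __name__ == "__main__":
    # "flush_system_indices" is a hypothetical role name.
    print("PUT _security/role/flush_system_indices")
    print(json.dumps(role_body(restricted_failures(FLUSH_RESPONSE)), indent=2))
```

The role only takes effect once it is assigned to the user alongside `superuser`. Listing the indices by name keeps the `allow_restricted_indices` grant from extending to system indices that did not need it.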
