Admin role is unauthorized

Hi Team,
I configured Shield and integrated it with Active Directory, and now my problem is:

I have an admin role (mapped to the gp-ops-es-admin AD group), but it can't access some of the indices and gets an unauthorized error. I believe it should have all the access.

GET _cat/indices
{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "action [indices:monitor/stats] is unauthorized for user [es-admin]"
      }
    ],
    "type": "security_exception",
    "reason": "action [indices:monitor/stats] is unauthorized for user [es-admin]"
  },
  "status": 403
}

role_mapping.yml:
admin:
  - "CN=gp-ops-es-admin,----

roles.yml:

# All operations on all indices
admin:
  cluster:
    - all
  indices:
    - names: '*'
      privileges:
        - all

Thanks & Regards,
Piyush Tekade

Hi Piyush,

Can you check the output of GET /_shield/authenticate as that user? Do you see the role listed for that user?

Jay

Yes, PFB:
{
  "username": "es-admin",
  "roles": [
    "admin"
  ],
  "full_name": null,
  "email": null,
  "metadata": {}
}

Is it just the cat indices API?

Yes, I am getting results for the below:

GET _cat/indices/filebeat-*
allocation
count
health
master
nodeattrs
nodes

What version are you using?

ES: 2.3.1

Kibana: 4.5.0

This was a bug in Shield 2.3.0 and 2.3.1. It was fixed in 2.3.2 https://www.elastic.co/guide/en/shield/current/release-notes.html#_2_3_2

Thanks Jai...