Assigned roles [create_doc] were not found) on indices

Hello,
I am having trouble adding a document to an index. Thank you for your answer.

I have created a user kra28 and an index pdbs_index and added the privileges using:

{
  "indices": [
    {
      "names": [
        "pdbs_index"
      ],
      "privileges": [
        "create_doc"
      ]
    }
  ]
}

When I check it, I get:
{"kra28":{"cluster":[],"indices":[{"names":["pdbs_index"],"privileges":["create_doc"],"allow_restricted_indices":false}],"applications":[],"run_as":[],"metadata":{},"transient_metadata":{"enabled":true}}}

However, when I want to add a document using:
http://xyz:9200/pdbs_index/_doc/1

I get the following issue:
{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:data/write/index] is unauthorized for user [kra28] with effective roles [] (assigned roles [create_doc] were not found) on indices [pdbs_index], this action is granted by the index privileges [create_doc,create,index,write,all]"}],"type":"security_exception","reason":"action [indices:data/write/index] is unauthorized for user [kra28] with effective roles [] (assigned roles [create_doc] were not found) on indices [pdbs_index], this action is granted by the index privileges [create_doc,create,index,write,all]"},"status":403}

It is not clear to me, since it seems that I have created the privileges.

Thank you for your answer.

Michal

You seem to be mixing up users, roles and privileges.

This:

{"kra28":{"cluster":[],"indices":[{"names":["pdbs_index"],"privileges":["create_doc"],"allow_restricted_indices":false}],"applications":[],"run_as":[],"metadata":{},"transient_metadata":{"enabled":true}}}

Looks like the output from a role (GET /_security/role/kra28)

But this:

{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:data/write/index] is unauthorized for user [kra28]

Is referring to a user named kra28

with effective roles [] (assigned roles [create_doc] were not found)

And that user has been assigned a role named create_doc

It sounds like you need to update the configuration of user kra28 to have the role named kra28.
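
Added example, not part of the original thread: a small Python check that reproduces the diagnosis above from constructed copies of the user and role responses. The function names, the result keys and the sample data are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample data in the shape of GET /_security/user and
# GET /_security/role responses, mirroring the thread before the fix.
USERS = {"kra28": {"username": "kra28", "roles": ["create_doc"], "enabled": True}}
ROLES = {"kra28": {"cluster": [], "indices": [
    {"names": ["pdbs_index"], "privileges": ["create_doc"]}]}}

# Index privileges that grant indices:data/write/index, per the error message.
GRANTS_INDEX = {"create_doc", "create", "index", "write", "all"}


def role_grants(role, index):
    """True if the role definition grants document indexing on `index`."""
    for entry in role.get("indices", []):
        # Assumption: only simple wildcard patterns in "names" are handled.
        if any(fnmatchcase(index, pat) for pat in entry["names"]):
            if GRANTS_INDEX & set(entry["privileges"]):
                return True
    return False


def audit_user(username, users, roles, index):
    """Report why `username` can or cannot index documents into `index`."""
    assigned = users[username].get("roles", [])
    effective = [r for r in assigned if r in roles]
    return {
        # Assigned names with no role definition: "were not found" in the error.
        "missing_roles": [r for r in assigned if r not in roles],
        "effective_roles": effective,
        "can_index": any(role_grants(roles[r], index) for r in effective),
        # Defined roles that would grant access but are not assigned to the user.
        "unassigned_grants": sorted(
            r for r in roles if r not in assigned and role_grants(roles[r], index)),
    }


if __name__ == "__main__":
    print(audit_user("kra28", USERS, ROLES, "pdbs_index"))
```

A non-empty missing_roles together with a non-empty unassigned_grants is the pattern from this thread: the privilege lives in a role the user was never given.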

Thank you very much, it seems that it is correct now. I added the role "kra28" using:

http://<url>/_security/user/kra28

{
  "password": "xyz",
  "enabled": true,
  "roles": ["kra28"],
  "full_name" : "kra28",
  "email" : "..."
}

Add the role "write":

http://<url>/_security/role/kra28

{
  "indices": [
    {
      "names": [
        "pdbs_index"
      ],
      "privileges": [
        "create_doc", "write"
      ]
    }
  ]
}

And the result of the insert:
http://<url>/pdbs_index/_doc/1
is the following:
{"_index":"pdbs_index","_id":"1","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"_seq_no":0,"_primary_term":1}

Thank you.

Regards,

Michal
