Can we use an index pattern if we allow only an alias in roles?

Unable to query the data by using index patterns. Just assume the index name is test-20210602-00001 and the alias is testing. The role is:

GET /_xpack/security/role/test?pretty
{
    "cluster": [],
    "indices": [
        {
            "names": ["testing"],
            "privileges": ["read","view_index_metadata"]
        }
    ]
}

Able to search the document by using the alias name:

curl 'http://hostname:9200/testing/_search?pretty'

Getting no documents when searching by using an index pattern:

curl 'http://hostname:9200/test*/_search?pretty'

Is this expected behavior?

Elasticsearch version is 7.9.0, and I created the role using the role API.

That is not the expected behaviour, and I can't reproduce it.

Can you provide more details?

@TimV You can follow these steps to reproduce:

Create the role

curl -XPUT -H 'Content-Type: application/json' -k -u user:password \
https://hostname:9200/_xpack/security/role/test \
-d'{
"cluster": [],
"indices": [
    {"names": ["testing"],
    "privileges": ["read","view_index_metadata"]
    }
 ]
}'

Create the user

curl -XPUT -H 'Content-Type: application/json' -k -u user:password \
https://hostname:9200/_xpack/security/user/user_name \
-d'{
    "password": "password",
    "roles" : ["kibana_user","test"]
}'

Create index with alias

curl -XPUT -H 'Content-Type: application/json' -k -u user:password \
https://hostname:9200/failed-000001 \
-d'{
"aliases": {
    "testing":{
        "is_write_index": true
        }
    }
}'

Posting the doc

curl -XPOST -H 'Content-Type: application/json' -k -u user:password \
https://hostname:9200/testing/_doc \
-d'{
   "name": "test"
}'

Able to search the data with the alias name:

GET testing/_search

But unable to query the data with the index or an index pattern:

GET failed-000001/_search
The error is:
"reason" : "action [indices:data/read/search] is unauthorized..."

With an index pattern, getting no docs:

GET failed*/_search
{
  "took" : 0,
  "timed_out" : false,
  "_shards" : {
    "total" : 0,
    "successful" : 0,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 0,
      "relation" : "eq"
    },
    "max_score" : 0.0,
    "hits" : [ ]
  }
}

OK. That's expected behaviour (but it's not what your original post described).

If you grant access via an alias, then the user may only access the documents via that alias, they cannot access the index itself.
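
A simplified model of the three outcomes in the reproduction steps above, added here as an illustration (it is not Elasticsearch code and not from any poster in this thread). It assumes a wildcard expression expands only to names the role grants, while an explicit name outside the grant is rejected; the function names and the `failed-*` role variant are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed cluster state taken from the thread's reproduction steps:
# alias "testing" points at index "failed-000001".
ALIASES = {"testing": ["failed-000001"]}
INDICES = ["failed-000001"]


class Unauthorized(Exception):
    """Stand-in for the 'is unauthorized' security error in the thread."""


def authorized_names(role_names):
    """Index and alias names matching any entry in the role's "names" list."""
    return [n for n in INDICES + list(ALIASES)
            if any(fnmatchcase(n, pat) for pat in role_names)]


def resolve(expression, role_names):
    """Return the concrete indices a search on `expression` may read."""
    allowed = authorized_names(role_names)
    if "*" in expression:
        # Assumption: wildcards expand only to granted names; everything
        # else is dropped silently, so the search can come back empty.
        matched = [n for n in allowed if fnmatchcase(n, expression)]
    elif expression in allowed:
        matched = [expression]
    else:
        # An explicit name outside the grant is rejected outright.
        raise Unauthorized(expression)
    concrete = []
    for name in matched:
        # A granted alias reads through to the indices behind it.
        for idx in ALIASES.get(name, [name]):
            if idx not in concrete:
                concrete.append(idx)
    return concrete


def outcome(expression, role_names):
    """Classify a search as 'hits', 'empty' (0 shards) or '403'."""
    try:
        return "hits" if resolve(expression, role_names) else "empty"
    except Unauthorized:
        return "403"


if __name__ == "__main__":
    for expr in ("testing", "failed-000001", "failed*"):
        print(expr, "->", outcome(expr, ["testing"]))
```

The empty result for `failed*` is the one to watch in practice: a dashboard or query built on an index pattern returns no error under an alias-only role, only zero shards.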

@TimV Thank you for the confirmation
