Config a role in roles.yml but cannot specify some privileges

xujohn · July 11, 2019, 7:00pm

I defined a customer role in roles.yml such as:

my_user_role:
cluster: [ 'all' ]
indices:
- names: [ '' ]
privileges: [ 'all' ]
applications: ['']
run_as: ['*']

After starting elasticsearch and logged in kibana to look the roles:

GET /_security/role/my_user_role

I found the run_as and applications are empty arrays , no matter how I put values inside.

Why do the values not shown in privileges such as applications and run_as?

The out put from GET returns :

{
"my_user_role" : {
"cluster" : [
"all"
],
"indices" : [
{
"names" : [
"*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
}
],
"applications" : [ ],
"run_as" : [ ],
"metadata" : { },
"transient_metadata" : {
"enabled" : true
}
}
}

Thank you.

John

TimV · July 12, 2019, 4:29am

Roles defined through the API and roles defined in roles.yml are separate.
You cannot use the API to view roles.yml

xujohn · July 12, 2019, 3:02pm

Thank you Tim. Do you mean I can define role1 in roles.yml and role1 (exactly same name) in API the same time? Which, API one or yml one, will be picked up by elastic search?

TimV · July 16, 2019, 7:34am

It will pick up the yml one.

system · August 13, 2019, 7:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using LDAP to set up Users and Roles in elasticsearch.yml file Elasticsearch elastic-stack-security	16	696	February 17, 2023
Shield issue Elasticsearch elastic-stack-security	8	1266	July 7, 2017
File-based role management roles.yml Elasticsearch elastic-stack-security	3	2996	July 31, 2019
Roles not restricting as expected Kibana elastic-stack-security	8	379	March 12, 2022
How to Build a Role with Java API for indices privileges Elasticsearch elastic-stack-security , language-clients	6	537	January 4, 2022

Config a role in roles.yml but cannot specify some privileges

Related Topics