Elastic does not respond with many security index patterns


My custer has 770 index and when I try to open a Kibana dashboard with one user who can access more then 10 patterns (each pattern usually "point" to 9 index), the elasticsearch throws the below message.

I google a litte, but don't find anything about it.

{"error":{"root_cause":[{"type":"security_exception","reason":"The set of permitted index patterns [612199,396341,191200,396455,461388,65064,39813,40109,229972,.k...] is too complex to evaluate"}],"type":"security_exception","reason":"The set of permitted index patterns [612199,396341,191200,396455,461388,65064,39813,40109,229972,.k...] is too complex to evaluate","caused_by":{"type":"too_complex_to_determinize_exception","reason":"Determinizing automaton with 93 states and 126 transitions would result in more than 100000 states."}},"status":500}

Thanks in advance

Hi Joao,

What version are you on ?

You can start by setting xpack.security.automata.max_determinized_states to something bigger than 100000 and see if that gets you a quick win for your issue. Don't set it too high though as this does have an effect on memory consumption on your nodes.

The most important step is to go through your role definitions and try to optimize the indices name patterns that you are using. There is no generic guidance I could offer offhand without knowing what your role definitions look like but feel free to share some examples here so that we can make some suggestions. Alternatively, you can reach your support engineer and get some assistance from them too!

Thanks for the quickly reply.

I update recently from 6.3.2 to 6.8.5, to use the security stack... So all of those security features are new for me.

I'll try to change this setting today e share the results.

I was thinking about to use a alias to group my index and use this alias in my patterns to reduce this hudge number of patterns.

I have one type for each entity in my domain and each tenant has your own list of index.
I create one rule for each tenant and the pattern "point" to them.
And my user could access a list of those tenants.

Let me give you a short example to clearly this confusion.

2 Entities in my domain:

E1, E2

And I have 3 tenants

T1, T2, T3

In elasticsearch I'll have 6 index

T1_E1, T1_E2, T2_E1, T2_E2, T3_E1, T3_E2

I create one role for each tenant, each of them with a pattern matching tenants

R1 -> T1*
R2 -> T2*
R3 -> T3*

For each user, I set a list of roles, based on what tenants he could access.

U1 -> R1
U2 -> R1, R3
U3 -> R1, R2, R3

Thanks again

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.