Hi everyone,
I'm trying to upgrade from Elasticsearch 8.18.0 to 9.0.1, but before upgrading I need to set old indices created with compatibility 7090199 to read-only, or delete them, otherwise the Elasticsearch service won't boot up.
I found that these indices, .reporting-2023*, were created with the compatibility 7090199 and I decided to delete them.
Following the API documentation (Elastic Security API | allow_restricted_indices), I need to assign this privilege to the user: "allow_restricted_indices": "true".
I created an API key inside the Kibana API keys page for the user "elastic". When I go inside "Update API key" it's possible to activate "Control security privileges". Inside this section I inserted the following role:
{
  "allow-restricted-indices-role": {
    "cluster": [
      "all"
    ],
    "indices": [
      {
        "names": [
          ".*",
          "*"
        ],
        "privileges": [
          "read",
          "write",
          "delete",
          "delete_index",
          "manage",
          "all"
        ],
        "allow_restricted_indices": true
      }
    ],
    "applications": [],
    "run_as": [],
    "metadata": {},
    "transient_metadata": {
      "enabled": true
    }
  }
}
After updating the API key, I try to delete one .reporting-2023* index with a curl command using the above API key, but I receive this error:
{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/delete] is unauthorized for API key id [<hidden>] of user [elastic] on restricted indices [.reporting-2023<hidden>], this action is granted by the index privileges [delete_index,manage,all]"}],"type":"security_exception","reason":"action [indices:admin/delete] is unauthorized for API key id [<hidden>] of user [elastic] on restricted indices [.reporting-2023<hidden>], this action is granted by the index privileges [delete_index,manage,all]"},"status":403}
Did I do something wrong, or do I need to create another user with admin / superuser privileges? How can I remove these restricted .reporting-2023* indices?
Thanks a lot
Gabriele
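
Added example, not part of the original post and not Elastic's code: a Python check that parses the 403 reason quoted above and tests whether a role descriptor, taken on its own, grants the denied action on the restricted index. Index name patterns are treated as simple wildcards (a simplification), and NARROW_ROLE with its role name is a hypothetical least-privilege variant of the posted descriptor.

```python
import fnmatch
import json
import re

# Constructed sample: the 403 body from the post, reduced to the top-level
# reason, with the "<hidden>" placeholders kept exactly as they appear there.
ERROR_BODY = json.dumps({"error": {"type": "security_exception", "reason": (
    "action [indices:admin/delete] is unauthorized for API key id [<hidden>] "
    "of user [elastic] on restricted indices [.reporting-2023<hidden>], this "
    "action is granted by the index privileges [delete_index,manage,all]")},
    "status": 403})

# The "indices" part of the descriptor posted above.
POSTED_ROLE = {"allow-restricted-indices-role": {"indices": [{
    "names": [".*", "*"], "allow_restricted_indices": True,
    "privileges": ["read", "write", "delete", "delete_index", "manage", "all"]}]}}
# Hypothetical narrowed descriptor: one index pattern, one privilege.
NARROW_ROLE = {"delete-old-reporting": {"indices": [{
    "names": [".reporting-2023*"], "allow_restricted_indices": True,
    "privileges": ["delete_index"]}]}}

REASON_RE = re.compile(
    r"action \[(?P<action>[^\]]+)\] is unauthorized for (?P<principal>.+?) "
    r"on (?P<restricted>restricted )?indices \[(?P<indices>[^\]]+)\], this "
    r"action is granted by the index privileges \[(?P<grants>[^\]]+)\]")

def parse_denial(body):
    """Extract action, principal, indices and granting privileges from a 403 body."""
    m = REASON_RE.search(json.loads(body)["error"]["reason"])
    if m is None:
        raise ValueError("not an index-level security_exception")
    return {"action": m["action"], "principal": m["principal"],
            "restricted": m["restricted"] is not None,
            "indices": m["indices"].split(","),
            "grants": set(m["grants"].split(","))}

def descriptor_covers(role_descriptors, denial):
    """True if the descriptor alone grants the denied action on every index."""
    entries = [e for r in role_descriptors.values() for e in r.get("indices", [])]
    def covered(index):
        return any(
            denial["grants"] & set(e["privileges"])
            and any(fnmatch.fnmatchcase(index, p) for p in e["names"])
            and (e.get("allow_restricted_indices", False) or not denial["restricted"])
            for e in entries)
    return all(covered(i) for i in denial["indices"])

if __name__ == "__main__":
    d = parse_denial(ERROR_BODY)
    print(d["action"], descriptor_covers(POSTED_ROLE, d), descriptor_covers(NARROW_ROLE, d))
```

Both descriptors cover the request, so the denial does not come from the descriptor itself. Elasticsearch documents an API key's effective permissions as the intersection of its role descriptors and the owning user's permissions.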