Getting Authorization error for the x-pack internal user _system after installing x-pack in elastic 5.1.1... action [indices:admin/aliases/get] is unauthorized for user [_system]

sangamesh.asokan · March 30, 2018, 2:30pm

Hi All,
Need help in fixing this issue. Getting the below logs while trying to start up the elasticsearch after upgrading the elasticsearch to 5.1 from 1.7 to install x-pack.

   Caused by: org.elasticsearch.ElasticsearchSecurityException: action [indices:admin/aliases/get] is unauthorized for user [_system]
at org.elasticsearch.xpack.security.support.Exceptions.authorizationError(Exceptions.java:45) ~[?:?]
at org.elasticsearch.xpack.security.authz.AuthorizationService.denialException(AuthorizationService.java:403) ~[?:?]
at org.elasticsearch.xpack.security.authz.AuthorizationService.denial(AuthorizationService.java:374) ~[?:?]
at org.elasticsearch.xpack.security.authz.AuthorizationService.authorize(AuthorizationService.java:140) ~[?:?]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$authorizeRequest$5(SecurityActionFilter.java:196) ~[?:?]
at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.maybeRun(AuthorizationUtils.java:131) ~[?:?]
at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.setRunAsRoles(AuthorizationUtils.java:125) ~[?:?]
at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.authorize(AuthorizationUtils.java:106) ~[?:?]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.authorizeRequest(SecurityActionFilter.java:211) ~[?:?]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$4(SecurityActionFilter.java:187) ~[?:?]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:53) ~[elasticsearch-5.1.1-SNAPSHOT.jar:5.1.1-SNAPSHOT]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$0(AuthenticationService.java:180) ~[?:?]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$2(AuthenticationService.java:199) ~[?:?]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:211) ~[?:?]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:178) ~[?:?]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:140) ~[?:?]
at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:112) ~[?:?]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.applyInternal(SecurityActionFilter.java:186) ~[?:?]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.apply(SecurityActionFilter.java:143) ~[?:?]
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:171) ~[elasticsearch-5.1.1-SNAPSHOT.jar:5.1.1-SNAPSHOT]
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:145) ~[elasticsearch-5.1.1-SNAPSHOT.jar:5.1.1-SNAPSHOT]
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:87) ~[elasticsearch-5.1.1-SNAPSHOT.jar:5.1.1-SNAPSHOT]
at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:75) ~[elasticsearch-5.1.1-SNAPSHOT.jar:5.1.1-SNAPSHOT]
at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:64) ~[elasticsearch-5.1.1-SNAPSHOT.jar:5.1.1-SNAPSHOT]
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:403) ~[elasticsearch-5.1.1-SNAPSHOT.jar:5.1.1-SNAPSHOT]
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:392) ~[elasticsearch-5.1.1-SNAPSHOT.jar:5.1.1-SNAPSHOT]
at org.elasticsearch.client.support.AbstractClient$IndicesAdmin.execute(AbstractClient.java:1220) ~[elasticsearch-5.1.1-SNAPSHOT.jar:5.1.1-SNAPSHOT]
at org.elasticsearch.client.support.AbstractClient$IndicesAdmin.getAliases(AbstractClient.java:1287) ~[elasticsearch-5.1.1-SNAPSHOT.jar:5.1.1-SNAPSHOT]
at org.elasticsearch.index.store.TenantShardRegistry.getEnvTenantFromEs(TenantShardRegistry.scala:42) ~[?:?]
at org.elasticsearch.index.store.TenantShardRegistry$$anonfun$getTenant$1.apply(TenantShardRegistry.scala:71) ~[?:?]
at org.elasticsearch.index.store.TenantShardRegistry$$anonfun$getTenant$1.apply(TenantShardRegistry.scala:71) ~[?:?]

firstly why the _system internal user is trying to access the indices:admin/aliases/get. Am I missing anything in the configuration??? Help is much appreciated.

TimV · March 30, 2018, 11:13pm

It appears that you are using NodeClient which is not supported under X-Pack security.

https://www.elastic.co/guide/en/x-pack/5.1/java-clients.html

system · April 27, 2018, 11:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch 5.6.2 (x-pack) secured cluster with custom plugin : action [indices:data/read/search] is unauthorized for user [_system] Elasticsearch	1	631	February 2, 2020
Issue with Installing X-Pack on ELK - Security Exception Error Elasticsearch	6	1326	February 8, 2018
Security_exeption Xpack Elasticsearch	4	3931	August 15, 2017
Elasticsearch 7.8.0 user authentication with X-Pack security fails Elasticsearch elastic-stack-security	11	1348	October 27, 2020
[internal:discovery/zen/unicast] is unauthorized for user [anonymous_user] Elasticsearch	4	1452	October 25, 2018

Getting Authorization error for the x-pack internal user _system after installing x-pack in elastic 5.1.1... action [indices:admin/aliases/get] is unauthorized for user [_system]

Related topics