Index setting read_only_allow_delete does not allow _delete_by_query


After applying read_only_allow_delete to an index -
PUT /index_name/_settings

    "index": {
        "blocks": {
            "read_only_allow_delete": true

Issuing a _delete_by_query produces the following failures:

    "took": 789,
    "timed_out": false,
    "total": 18951,
    "deleted": 0,
    "batches": 1,
    "version_conflicts": 0,
    "noops": 0,
    "retries": {
        "bulk": 0,
        "search": 0
    "throttled_millis": 0,
    "requests_per_second": -1,
    "throttled_until_millis": 0,
    "failures": [
            "index": "index_name",
            "type": "logs",
            "id": "mPs8vWgBqIRu5N0y1gmI",
            "cause": {
                "type": "cluster_block_exception",
                "reason": "blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];"
            "status": 403
        (many more errors like this one)

Only by removing read_only_allow_delete I've been able to successfully run the delete query.

Why is this happening?
Shouldn't this setting allow deletion?
If not, I'd specifically note this in the documentation. Also, it would be nice to have such a setting where new deleting and indexing a new document would not be considered the same action.


That privilege allows you to delete the full index, not individual documents from it, which is what delete by query does.

Is there any setting which allows the deletion of documents, but not indexing?

No, I do not believe there is.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.