Indices:admin/template/put is a "cluster" action?

Elastic Stack Elasticsearch
1

Hello,

I am trying to use the default "readwrite" role,
I am performing a put-index-template operation, and get the error:

action [indices:admin/template/put] is unauthorized for user [readwrite]

As the message states, the action is a "index" action, not a "cluster" action.

However, the role definition grants "all" privileges on all indices

readwrite:
cluster: monitor
indices:
'*': all

Changing "cluster: monitor" to "cluster:all" solves the problem.
This implies that there is a "cluster" level privilege that is required to perform the template-put operation.

My questions are:

  1. What is the cluster level privilege that is required here?
  2. Where can I find a list of privilege names and their description? (could not find this in the documentation)
  3. Where can I see Shield logs in elastic.cloud so that I can further debug such issues on my own?

Thanks
/amiry

2

The cluster manage_index_templates permission is required. This is required because index templates can be applied globally, so changing them requires cluster management permissions.

Take a look at Shield Privileges | Shield [2.4] | Elastic

I suggest you ask this question in the #cloud section.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.