Is it possible to grant _system user more permissions?

bff · May 10, 2019, 5:46pm

Hello,
We have a plugin running in 6.4.3 that uses the node client to make a series of calls to the Elasticsearch API. When security is enabled I see the error:
org.elasticsearch.ElasticsearchSecurityException: action [indices:admin/exists] is unauthorized for user [_system]

I have tried adding to role_mapping the following:
superuser:
- _system

However the client still cannot call index exists. Is it possible to change who the client runs as in a plugin or add permissions to the _system user?

bff · May 10, 2019, 6:14pm

I also tried to add a mapping to solve this

"mapping1": {
"enabled": true,
"roles": [
"superuser"
],
"rules": {
"field": {
"username": "_system"
}
},
"metadata": {}
}

but I still get the error

bff · May 10, 2019, 7:25pm

It seems I can query the health of the index and get back a map of index names to health status. If the index name is not in the map then index does not exist. Since the _system user has permission to query health status of an index but now query if it exists I am wondering if there is a list of what permissions the _system user has.

system · June 7, 2019, 7:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to grant a plugin permissions for updating indices and index templates Elasticsearch elastic-stack-security	4	359	June 2, 2022
User Not Permitted to Check If Index Exists Elasticsearch elastic-stack-security	4	2067	July 29, 2019
Permission to give permission to Indices Elasticsearch elastic-stack-security	5	2069	February 26, 2021
Get and modify _system internal user permissions Elasticsearch elastic-stack-security	4	490	January 28, 2021
Action [indices:admin/create] is unauthorized for user Elasticsearch elastic-stack-security	3	14446	May 27, 2022

Is it possible to grant _system user more permissions?

Related Topics