No 403 response if user is not allowed to read index

(Stefan Rinderle) #1


we are currently upgrading our elk stack from 2.X to 5.X and are working with the 5.3.1 versions.

An example role is defined like this in roley.yml
- monitor
- names: 'extint-*'
- view_index_metadata
- read

If i now try to access an index which the user is not permitted to see (e.g. extint_res-) with GET .../extint_res- and the user credentials i get an empty JSON response:

Users which do have the extint_res index in the permissions see the full response.

In prior versions, i got an "404 Not Found" error accessing the index. Is this intended? Or did we miss something in the config?

So, bug or feature :slight_smile: ?


(Jay Modi) #2

Are you using wildcards in your requests?

This is the result of a feature that was added and highly requested; we tried to make the responses more consistent with elasticsearch (without x-pack) especially when expanding wildcards and handling indices that do not exist.

(Stefan Rinderle) #3

Ok, i checked the same request without a wildcard and got the 403.

If it was highly requested, ok. But for me it's now inconsistent. Requesting extint-* returns an empty response and extint-2017.03.22 returns 403.

But i can live with that. As it was changed, i change my tests.

Thanks for the quick answer


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.