No 403 response if user is not allowed to read index

Hi,

we are currently upgrading our elk stack from 2.X to 5.X and are working with the 5.3.1 versions.

An example role is defined like this in roley.yml
examplerole:
cluster:
- monitor
indices:
- names: 'extint-*'
privileges:
- view_index_metadata
- read

If i now try to access an index which the user is not permitted to see (e.g. extint_res-) with GET .../extint_res- and the user credentials i get an empty JSON response:
{}

Users which do have the extint_res index in the permissions see the full response.

In prior versions, i got an "404 Not Found" error accessing the index. Is this intended? Or did we miss something in the config?

So, bug or feature :slight_smile: ?

Cheers,
Stefan

Are you using wildcards in your requests?

This is the result of a feature that was added and highly requested; we tried to make the responses more consistent with elasticsearch (without x-pack) especially when expanding wildcards and handling indices that do not exist.

Ok, i checked the same request without a wildcard and got the 403.

If it was highly requested, ok. But for me it's now inconsistent. Requesting extint-* returns an empty response and extint-2017.03.22 returns 403.

But i can live with that. As it was changed, i change my tests.

Thanks for the quick answer

Stefan

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.