No permissions for user | Security Exception

Faisal_Umer · June 8, 2023, 5:33am

I have to delay the shards assignment after a failure and running this command for that


PUT _all/_settings
{
  "settings": {
    "index.unassigned.node_left.delayed_timeout": "5m"
  }
}

Getting the following error while running this

{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "no permissions for [] and User [name=<my-email-address>, backend_roles=[admin], requestedTenant=null]"
      }
    ],
    "type" : "security_exception",
    "reason" : "no permissions for [] and User [name=<my-email-address>, backend_roles=[admin], requestedTenant=null]"
  },
  "status" : 403
}

After a bit of research, I found a similar thread
https://forum.opensearch.org/t/no-permission-for-user-tenant-permission-error/1230

I tried to run the command from inside the Kibana EC2 instance along with certificates and got the following error

error reading X.509 key or certificate file: Error in parsing when sending certificate in Curl Request

This StackOverflow thread suggests to create new certificates
https://stackoverflow.com/questions/50390689/error-reading-x-509-key-or-certificate-file-error-in-parsing-when-sending-certi

I have two questions

Can I apply the node delay settings some other way?
If not, should I create new certificates? Will it cause any issues in the existing setup?

system · June 8, 2023, 5:33am

OpenSearch/OpenDistro are AWS run products and differ from the original Elasticsearch and Kibana products that Elastic builds and maintains. You may need to contact them directly for further assistance.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns )

warkolm · June 8, 2023, 10:34pm

Are you using Elasticsearch or opensearch?

Faisal_Umer · June 9, 2023, 5:17am

We are using self-managed Elasticsearch 7.8.0 hosted on AWS EC2 instances.

warkolm · June 13, 2023, 12:23am

OK, please note that version is EOL and no longer supported so you should be looking to upgrade as a matter of urgency.

What user are you trying to authenticate as?

Faisal_Umer · June 14, 2023, 6:28am

Yeah, we are planning an upgrade, and it might take some time.

On dev tools, I tried to run it as my own user with admin permissions assigned. On EC2 instances, I ran the curl command as the root user.

warkolm · June 20, 2023, 8:52am

What user did you auth to Elasticsearch with though?

system · July 18, 2023, 8:53am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.