I was setting up a 3rd party application and forgot to extend its role to read a new index. It took me some time (classified) while I realized my mistake. Shouldn't I be able to see the unauthorized request in the logs or I'd need to upgrade to a higher plan in order to see that?
I see. I understand that I can't get everything with a basic account, but since I (thankfully) get RBAC, I'd expect a vague entry which would indicate the source of the issue. As I described it was my mistake not checking the basics but I was like "Hey, the E+L error logs are empty, it has to be something with that app.". Again, I'm happy to have RBAC, just expected something to warn me that I messed up.
Thank you!
P.s.: The app unfortunately didn't handle the response which is a shame too, I found out the issue when I made a curl call with the app's creds and it was clear what I missed during setup:
{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:data/read/search] is unauthorized for user [XXXXXXX]"}],"type":"security_exception","reason":"action [indices:data/read/search] is unauthorized for user [XXXXXXX]"},"status":403}
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.