Permissions for backup user with X-Pack

lherrera · June 2, 2017, 10:05am

Hi there,

I have setup an ELK cluster and i am using x-pack for authentication.
I am now setting up daily backups using snapshots and it's all working ok.

The problem I have is that it seems that my backup user needs to have superuser privileges to be able to take the snapshots, and I cannot find anywhere in the documentation whether or not it is possible to reduce those privileges, as this is a security concern.

I have tried with several build-in roles with no luck, mostly i get this error even trying to access an existing snapshot:

"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:admin/snapshot/get] is unauthorized for user [my-bkup-user]"

Any advice as to how to limit access to this user, while allowing it to manage snapshots?

Ta
Laura

jetnet · June 7, 2017, 7:45pm

try to add the following in the roles.xml

curator:
  cluster:
    - monitor
    - cluster:admin/repository/get
    - cluster:admin/snapshot/*

and then give the user my-bkup-user the role curator

system · July 5, 2017, 7:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to setup authentication using x-pack Elasticsearch	6	5626	May 16, 2017
Security_exeption Xpack Elasticsearch	4	3931	August 15, 2017
Reg: Cluster Privileges for Snapshots - Permission issue Elasticsearch	2	898	June 14, 2018
Users with any role (except superuser) cannot view events in kibana Kibana	3	652	August 2, 2017
After installing X-Pack into ELK am unable to view logs Elasticsearch	12	1546	May 23, 2018

Permissions for backup user with X-Pack

Related topics