Permissions for backup user with X-Pack


(Laura Herrera) #1

Hi there,

I have setup an ELK cluster and i am using x-pack for authentication.
I am now setting up daily backups using snapshots and it's all working ok.

The problem I have is that it seems that my backup user needs to have superuser privileges to be able to take the snapshots, and I cannot find anywhere in the documentation whether or not it is possible to reduce those privileges, as this is a security concern.

I have tried with several build-in roles with no luck, mostly i get this error even trying to access an existing snapshot:

"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:admin/snapshot/get] is unauthorized for user [my-bkup-user]"

Any advice as to how to limit access to this user, while allowing it to manage snapshots?

Ta
Laura


#2

try to add the following in the roles.xml

curator:
  cluster:
    - monitor
    - cluster:admin/repository/get
    - cluster:admin/snapshot/*

and then give the user my-bkup-user the role curator


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.