I have the following two documents in Elastic:
[ {
  "_index" : "hr",
  "_type" : "blog",
  "_id" : "123",
  "_score" : 1.0,
  "_source" : {
    "title" : "blah blah Doe"
  }
}, {
  "_index" : "hr",
  "_type" : "person",
  "_id" : "1",
  "_score" : 1.0,
  "_source" : {
    "name" : "Jane Doe",
    "title" : "Software Engineer"
  }
} ]
==========================================
I have two roles: hr_user and hr_blog_reader, and two users mapped to them. Role hr_user should have full access to the hr index; hr_blog_reader should only have access to documents with _type=blog:
hr_blog_reader:
  indices:
    'hr':
      privileges: read
      query: '{"match":{"_type":"blog"}}'
hr_user:
  indices:
    'hr':
      privileges: all
When I run a query as hr_user, I get both documents back, as expected. When I run a query as hr_blog_reader, I get the following error:
{
  "error" : {
    "root_cause" : [ {
      "type" : "security_exception",
      "reason" : "action [indices:data/read/search] is unauthorized for user [hr_blog_reader]"
    } ],
    "type" : "security_exception",
    "reason" : "action [indices:data/read/search] is unauthorized for user [hr_blog_reader]"
  },
  "status" : 403
}
I'm running the queries using curl:
curl http://localhost:9200/_search?pretty -u hr_blog_reader
Any ideas what I'm doing wrong?