Reg: Cluster Privileges for Snapshots - Permission issue

We are using Azure Repository Plugin (ES 6.2.1) for snapshotting, and use curator actions for snapshot action. But, the action is error'ing out as below

action [cluster:admin/repository/get] is unauthorized for user
Error from DEBUG log
2018-05-16 22:50:48,369 DEBUG elasticsearch log_request_fail:110 < {"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:admin/repository/get] is unauthorized for user [curator]"}],"type":"security_exception","reason":"action [cluster:admin/repository/get] is unauthorized for user [curator]"},"status":403}

The user that curator uses to perform snapshot has below privileges

{
"cluster": ["manage"],
"indices": [
{
"names": ["*"],
"privileges": ["monitor", "delete_index"]
}
],
"run_as": [],
"metadata": {}
}

Shouldn't "manage" help in posting snapshot by curator? Giving "all" would be more as it provides restarting capabilities.

Referring to documentation
https://www.elastic.co/guide/en/x-pack/current/security-privileges.html

manage should do what you need. Are you sure that your curator used is configured correctly?

The Authenticate API can help diagnose which roles a user has.

The documentation is not very clear on this point, but manage can do everything that all can do, except manage security.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.