Security_exception - action [cluster:monitor/main] is unauthorized for user [p595200]

When we try to hit ES directly with a header, we are getting the below 403 response.

Can someone please let me know what could be the issue.

{"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:monitor/main] is unauthorized for user [p595200]"}],"type":"security_exception","reason":"action [cluster:monitor/main] is unauthorized for user [p595200]"},"status":403}

I hate to state the obvious, but the user p595200 does not have permission to perform that action.
Your user is being correctly authenticated, but their roles don't give them the necessary permissions to perform the request.

cluster:monitor/main is the action that is at the root ("/") URL of the cluster that prints out the version number and cluster health etc.

The possible causes are:

  • The user has no roles -> How are you assigning roles to users?
  • The user is missing a role that it should have
  • One of the users roles is missing cluster privileges that it should have.

You should start by using the _authenticate API, which will show you the details of the user you are using, including their assigned roles.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.