Security_exception: action [indices:admin/rollover] is unauthorized for user [<user_name>]

Ryan_Downey · June 16, 2020, 3:19pm

What am I missing in this deployment that's throwing this error? The deployment is 7.7.0 and the user and role information is below.

security_exception: action [indices:admin/rollover] is unauthorized for user [<user_name>]

User info:

{
  "data_internal" : {
    "username" : "my_role",
    "roles" : [
      "beats_system",
      "beats_admin",
      "data_writer",
      "kibana_admin"
    ],
    "full_name" : "Primary data connection",
    "email" : "",
    "metadata" : { },
    "enabled" : true
  }
}

Role info:

{
  "my_role" : {
    "cluster" : [
      "monitor",
      "manage_ilm",
      "manage_index_templates"
    ],
    "indices" : [
      {
        "names" : [
          "*"
        ],
        "privileges" : [
          "read",
          "write",
          "create_index",
          "manage_ilm"
        ],
        "field_security" : {
          "grant" : [
            "*"
          ],
          "except" : [ ]
        },
        "allow_restricted_indices" : false
      }
    ],
    "applications" : [ ],
    "run_as" : [ ],
    "metadata" : { },
    "transient_metadata" : {
      "enabled" : true
    }
  }
}

Ryan_Downey · June 18, 2020, 5:37pm

From the information that I was provided it looks like this is a known issue and is documented here: https://github.com/elastic/elasticsearch/issues/47500
Workaround is to add "manage" right at the index level for the role.

system · July 16, 2020, 5:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.