Hi, I am using Elasticsearch 6.8.0.
I configured it with an AD group and am getting the error below:
{"message":"action [indices:data/read/search] is unauthorized for user [xxxxxx]: [security_exception] action [indices:data/read/search] is unauthorized for user [xxxxxx]","statusCode":403,"error":"Forbidden"}
Created ADMIN role:
GET _xpack/security/role/ADMIN
{
  "ADMIN" : {
    "cluster" : [
      "all"
    ],
    "indices" : [
      {
        "names" : [
          "*"
        ],
        "privileges" : [
          "all"
        ],
        "field_security" : {
          "grant" : [ ]
        },
        "allow_restricted_indices" : false
      }
    ],
    "applications" : [ ],
    "run_as" : [
      "*"
    ],
    "metadata" : { },
    "transient_metadata" : {
      "enabled" : true
    }
  }
}
Mapped ADMIN role to AD group:
GET _xpack/security/role_mapping/ADMIN
{
  "ADMIN" : {
    "enabled" : true,
    "roles" : [
      "superuser",
      "reporting_user",
      "monitoring_user",
      "kibana_user"
    ],
    "rules" : {
      "field" : {
        "groups" : "CN=XXXXXX,OU=Resource,OU=Groups,OU=XXXX,DC=xxxx1,DC=xxx,DC=xxx"
      }
    },
    "metadata" : { }
  }
}
Is anything missing on my side to get ADMIN access to view all indices?
When I give CN=*, I am able to view all. Need help on this.
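
One way to check a mapping like the one above against what the realm actually resolves, as an added example that is not part of the original post and not Elasticsearch's own code: it compares the `groups` rule of a role mapping with the group DNs in a user's `GET _xpack/security/_authenticate` response. The matching is a simplified model (case-insensitive DN comparison with `*` wildcards), `metadata.ldap_groups` is assumed to be the key holding the group DNs, and all sample DNs are constructed.

```python
import re
from itertools import zip_longest

def split_dn(dn):
    """Normalize a DN into lower-cased, trimmed RDNs; escaped commas stay in place."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns

def rule_matches(pattern, group_dn):
    """Simplified model of a `groups` field rule: normalized DN compare, `*` wildcard."""
    want = ",".join(split_dn(pattern))
    have = ",".join(split_dn(group_dn))
    regex = ".*".join(re.escape(chunk) for chunk in want.split("*"))
    return re.fullmatch(regex, have) is not None

def check_mapping(mapping, authenticate):
    """Report whether the mapping's groups rule matches any group resolved for the user."""
    pattern = mapping["rules"]["field"]["groups"]
    groups = authenticate.get("metadata", {}).get("ldap_groups", [])  # assumed key
    hits = [g for g in groups if rule_matches(pattern, g)]
    if hits:
        return {"matched": True, "group": hits[0], "differences": []}
    want = split_dn(pattern)
    # No match: pick the group sharing the most RDNs and list where it differs.
    closest = max(groups, default=None,
                  key=lambda g: sum(a == b for a, b in zip(want, split_dn(g))))
    diffs = []
    if closest is not None:
        diffs = [(w, h) for w, h in zip_longest(want, split_dn(closest)) if w != h]
    return {"matched": False, "group": closest, "differences": diffs}

# Constructed sample data (hypothetical names, not taken from the post).
SAMPLE_AUTH = {"username": "jdoe", "metadata": {"ldap_groups": [
    "CN=Domain Users,CN=Users,DC=example,DC=com",
    "cn=ES-Admins, OU=Resources,OU=Groups,OU=Corp,DC=example,DC=com"]}}
EXACT = {"rules": {"field": {
    "groups": "CN=ES-Admins,OU=Resource,OU=Groups,OU=Corp,DC=example,DC=com"}}}
WILDCARD = {"rules": {"field": {"groups": "CN=*"}}}

if __name__ == "__main__":
    print(check_mapping(EXACT, SAMPLE_AUTH))     # near miss, differing RDN listed
    print(check_mapping(WILDCARD, SAMPLE_AUTH))  # matches the first CN= group
```

In this model a rule of `CN=*` matches any group DN that begins with `CN=`, so the roles listed in the mapping go to every user of the realm who has such a group.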