In elasticsearch 7.2.0, I try to define in roles.yml the following role:
cluster: [ "all" ]
- names : [ " * " ]
priviledges: [ "all" ]
run_as: [ " * " ]
- application : " * "
privileges : [ " * " ]
resources : [ " * " ]
I assigned an LDAP group (such as LDAP_GROUP_1) to this role in role_mapping.yml.
In log, although user1, belonging to the LDAP group, is shown in admin_role:
user [user1], with roles [[admin_role]]
The user1 cannot access the API GET such as
The error message is
"reason": "action [cluster:admin/xpack/security/role/get] is unauthorized for user [user1]"
ir I assign the LDAP group in role_mapping.yml as supperuser:
user1 this time can access all the api such as GET /_security/role
I checked superuser role GET /_security/role/superuser, and it returns same setting as I did for admin_role.
Does anyone know why this happens?