Unable to create users and roles

Dhrumil · May 20, 2019, 10:42pm

Hi here,
I am trying to create users and roles in my elastic cluster. But, every time I run the REST API,
I get this error

{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "current license is non-compliant for [security]",
"license.expired.feature": "security"
}
],
"type": "security_exception",
"reason": "current license is non-compliant for [security]",
"license.expired.feature": "security"
},
"status": 403
}

I went through this link https://www.elastic.co/subscriptions where it is stated that "role-based access control" is available in the basic version of Elastic.

Below is the sample REST API which I picked from the elastic documentation:

POST http://localhost:9200/_security/user/jacknich
{
"password" : "j@rV1s",
"roles" : [ "admin", "other_role1" ],
"full_name" : "Jack Nicholson",
"email" : "jacknich@example.com",
"metadata" : {
"intelligence" : 7
}
}

Can someone please help me out?

Thanks.

warkolm · May 21, 2019, 12:03am

What version are you on? What license do you have?

Dhrumil · May 21, 2019, 12:49am

Hi @warkolm,
I am using Elastic Search Version 6.7.0 and I have a basic License.

TimV · May 21, 2019, 12:53am

You need 6.8.0 or 7.1.0 in order to have access to security on a basic license. Our subscriptions page always reflects the latest release, which may not be an exact match with the version you are running.

Dhrumil · May 21, 2019, 12:55am

Hey @TimV,
Thanks for the response.
I will check it on the 6.8 and 7.1 versions.

Thanks.

Dhrumil · May 21, 2019, 6:56am

Hi @TimV,
Thank you for providing me a quick headstart.
I downloaded elastic 6.8.0 and was able to add user and password in my cluster. I am able to use this command

Blockquote

curl --user username: password -XGET http://localhost:9200

Blockquote

to make requests and access my cluster. But other than curl, how can I provide authentication details in "Sense" or in "KIbana Console" to access the cluster??

TimV · May 21, 2019, 7:22am

If your Elasticsearch cluster has security enabled, then you should automatically see a login page when you access Kibana.
The credentials you enter there are used to access Elasticsearch, including in Console.

Dhrumil · May 21, 2019, 3:25pm

My elasticsearch has security enabled and I have already added a user and password in the cluster. I am not using Kibaba currently. Instead, for the REST calls I am using "Sense" tool.
In that, I am not able to run those queries because I am unable to add user and password with the REST call in "Sense".

ToddFerg · May 21, 2019, 6:33pm

Hi @Dhrumil
So I would at the current tools available and see about adding username/password support. Which sense tool are you using?

I know that there are a variety of tools out there that do support it, https://github.com/lmenezes/cerebro and others.

Dhrumil · May 21, 2019, 8:57pm

Hi @ToddFerg,
I am using the following sense tool:

I don't know how to add username/ password support for it. Can you please throw some more light on this?

TimV · May 22, 2019, 12:35am

We don't provide that tool (it's a fork, based on an older product that we merged into Kibana and discontinued the Chrome plugin).
I don't think there will be many people here who will be able to help you with it (but you might get lucky).

I would recommend you use Kibana if you can. It has a more advanced dev console feature that is actively developed and improved as well as having custom UIs for a variety of management functions like adding users and roles.

ToddFerg · May 23, 2019, 6:23pm

@Dhrumil

I would agree with Tim on this, using Kibana will give you a lot of extra features, and will fully integrate into the stack. (EVEN if you were to run it locally).

system · June 20, 2019, 6:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.