Unable to create users and roles

Hi here,
I am trying to create users and roles in my elastic cluster. But, every time I run the REST API,
I get this error

{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "current license is non-compliant for [security]",
"license.expired.feature": "security"
}
],
"type": "security_exception",
"reason": "current license is non-compliant for [security]",
"license.expired.feature": "security"
},
"status": 403
}

I went through this link https://www.elastic.co/subscriptions where it is stated that "role-based access control" is available in the basic version of Elastic.

Below is the sample REST API which I picked from the elastic documentation:

POST http://localhost:9200/_security/user/jacknich
{
"password" : "j@rV1s",
"roles" : [ "admin", "other_role1" ],
"full_name" : "Jack Nicholson",
"email" : "jacknich@example.com",
"metadata" : {
"intelligence" : 7
}
}

Can someone please help me out?

Thanks.

What version are you on? What license do you have?

Hi @warkolm,
I am using Elastic Search Version 6.7.0 and I have a basic License.

You need 6.8.0 or 7.1.0 in order to have access to security on a basic license. Our subscriptions page always reflects the latest release, which may not be an exact match with the version you are running.

Hey @TimV,
Thanks for the response.
I will check it on the 6.8 and 7.1 versions.

Thanks.

Hi @TimV,
Thank you for providing me a quick headstart.
I downloaded elastic 6.8.0 and was able to add user and password in my cluster. I am able to use this command

Blockquote

curl --user username: password -XGET http://localhost:9200

Blockquote

to make requests and access my cluster. But other than curl, how can I provide authentication details in "Sense" or in "KIbana Console" to access the cluster??

If your Elasticsearch cluster has security enabled, then you should automatically see a login page when you access Kibana.
The credentials you enter there are used to access Elasticsearch, including in Console.

My elasticsearch has security enabled and I have already added a user and password in the cluster. I am not using Kibaba currently. Instead, for the REST calls I am using "Sense" tool.
In that, I am not able to run those queries because I am unable to add user and password with the REST call in "Sense".

Hi @Dhrumil
So I would at the current tools available and see about adding username/password support. Which sense tool are you using?

I know that there are a variety of tools out there that do support it, https://github.com/lmenezes/cerebro and others.

Hi @ToddFerg,
I am using the following sense tool:

I don't know how to add username/ password support for it. Can you please throw some more light on this?

We don't provide that tool (it's a fork, based on an older product that we merged into Kibana and discontinued the Chrome plugin).
I don't think there will be many people here who will be able to help you with it (but you might get lucky).

I would recommend you use Kibana if you can. It has a more advanced dev console feature that is actively developed and improved as well as having custom UIs for a variety of management functions like adding users and roles.

1 Like

@Dhrumil

I would agree with Tim on this, using Kibana will give you a lot of extra features, and will fully integrate into the stack. (EVEN if you were to run it locally).

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.