Unale to index data using user defined roles and role mappings

I'm using roles and role mapping . I'm able to delete and create index but not able to send data.

`role_mapping.yml: | 
- "cn=GBI APC Infra,ou=groups,o=mine.com,o=email" 

roles.yml: | 
cluster: [ 'monitor', 'manage_index_templates' ] 
- names: [ 'events-*' ] 
privileges: [ 'all' ] 

curl -XDELETE --cacert crt.pem -u rgujral 'https://es-coordinating.gbi-opstools-dev.svc.lb.usrno3.mine.io:9200/events-monitor' 
Enter host password for user 'rgujral': 

curl -XPOST --cacert crt.pem -u rgujral "https://es-coordinating.gbi-opstools-dev.svc.lb.usrno3.mine.io:9200/events-monitor/sample/" -H 'Content-Type: application/json' -d' 
"user" : "gbi", 
"post_date" : "2009-11-15T14:12:12", 
"city" : "bangalore", 
"message" : "trying out Elasticsearch" 
Enter host password for user 'rgujral': 
{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:data/write/bulk[s]] is unauthorized for user [rgujral]"}],"type":"security_exception","reason":"action [indices:data/write/bulk[s]] is unauthorized for user [rgujral]"},"status":403}` 

However I'm able to do the above with elastic user as it is superuser. Please check and Lem me know what changes do I need to make in roles ignorer to send data to index

Does user rgujral have the click_admins role ?

What is the output of

curl -XGET --cacert crt.pem -u rgujral 'https://es-coordinating.gbi-opstools-dev.svc.lb.usrno3.mine.io:9200/_xpack/security/_authenticate' 

Yes "rgujral" user is apart of group "cn=GBI APC Infra,ou=groups,o=mine.com,o=email"
after running the command

  "username" : "rgujral",
  "roles" : [
  "full_name" : null,
  "email" : null,
  "metadata" : {
    "ldap_dn" : "uid=rgujral,ou=people,o=mine.com,o=email",
    "ldap_groups" : [
       "cn=GBI APC Infra,ou=groups,o=mine.com,o=email"
  "enabled" : true,
  "authentication_realm" : {
    "name" : "ldap1",
    "type" : "ldap"
  "lookup_realm" : {
    "name" : "ldap1",
    "type" : "ldap"

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.