I have a set of concrete indexes named like myindex-v1 with aliases like myindex. For my roles, I've granted privileges as needed to all of the aliases and not the concrete indexes. That all works fine except when I attempt an update by query operation. For that, I get an error like:
{"index":"myindex-v1","type":"_doc","id":"n84CR3kBdB1sHUuGSQZl","cause":{"type":"security_exception","reason":"action [indices:data/write/bulk[s]] is unauthorized for user [apiuser] run as [logged-in-user]"},"status":403}
I am indeed using the run-as functionality, just to confirm the error. The logged-in-user does have the proper role assigned. If I add the concrete index to the index privilege for the role, the update by query operation runs successfully.
Since the concrete index is shown in the error, is there something inherent about update by query that requires privileges on the concrete index, or is this unintended behavior?