How should I grant permissions for GET index (https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-get-index.html).
From the docs I expected that view_index_metadata
should do this. I can search the index OK, but GET index gives an error. What am I doing wrong?
GET index-that-exists
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "action [indices:admin/get] is unauthorized for user [_anonymous]"
}
],
"type" : "security_exception",
"reason" : "action [indices:admin/get] is unauthorized for user [_anonymous]"
},
"status" : 403
}
Elasticsearch 6.6.0, elasticsearch.yml:
xpack.security.authc:
anonymous:
roles: anon
authz_exception: true
realms:
native:
type: native
order: 0
file:
type: file
order: 1
roles.yml:
anon:
cluster:
- monitor
indices:
- names: '*'
privileges:
- monitor
- view_index_metadata
- read