View_index_metadata doesn't allow indices:admin/get (solved)

matt_p · February 25, 2019, 3:13pm

How should I grant permissions for GET index (https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-get-index.html).

From the docs I expected that view_index_metadata should do this. I can search the index OK, but GET index gives an error. What am I doing wrong?

GET index-that-exists
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "action [indices:admin/get] is unauthorized for user [_anonymous]"
      }
    ],
    "type" : "security_exception",
    "reason" : "action [indices:admin/get] is unauthorized for user [_anonymous]"
  },
  "status" : 403
}

Elasticsearch 6.6.0, elasticsearch.yml:

xpack.security.authc:

  anonymous:
    roles: anon
    authz_exception: true

  realms:
    native:
      type: native
      order: 0    
    file:
      type: file
      order: 1

roles.yml:

anon:
  cluster:
    - monitor
  indices:
    - names: '*'
      privileges:
        - monitor
        - view_index_metadata
        - read

matt_p · March 6, 2019, 1:21pm

I found this was because the roles.yml config was not mirrored on the other node of the cluster.

Topic		Replies	Views
Built in 'User' Role in Shield Vs x-pack Elasticsearch	2	753	November 3, 2017
No 403 response if user is not allowed to read index Elasticsearch	3	747	May 23, 2017
Getting unauthorized when doing GET on indices with a read-only user Kibana elastic-stack-security	4	3654	September 23, 2020
[security_exception] action [indices:data/read/search] Elasticsearch elastic-stack-security	2	4032	July 29, 2019
Admin role is unauthorized Elasticsearch elastic-stack-security	9	2460	July 6, 2017

View_index_metadata doesn't allow indices:admin/get (solved)

Related topics