View_index_metadata doesn't allow indices:admin/get (solved)

matt_p · February 25, 2019, 3:13pm

How should I grant permissions for GET index (https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-get-index.html).

From the docs I expected that view_index_metadata should do this. I can search the index OK, but GET index gives an error. What am I doing wrong?

GET index-that-exists
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "action [indices:admin/get] is unauthorized for user [_anonymous]"
      }
    ],
    "type" : "security_exception",
    "reason" : "action [indices:admin/get] is unauthorized for user [_anonymous]"
  },
  "status" : 403
}

Elasticsearch 6.6.0, elasticsearch.yml:

xpack.security.authc:

  anonymous:
    roles: anon
    authz_exception: true

  realms:
    native:
      type: native
      order: 0    
    file:
      type: file
      order: 1

roles.yml:

anon:
  cluster:
    - monitor
  indices:
    - names: '*'
      privileges:
        - monitor
        - view_index_metadata
        - read

matt_p · March 6, 2019, 1:21pm

I found this was because the roles.yml config was not mirrored on the other node of the cluster.

system · April 3, 2019, 1:21pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[security_exception] action [indices:data/read/search] Elasticsearch elastic-stack-security	2	3972	July 29, 2019
Action [indices:admin/mappings/get] is unauthorized for user Elasticsearch	2	8789	November 14, 2018
User Not Permitted to Check If Index Exists Elasticsearch elastic-stack-security	4	2079	July 29, 2019
What is "indices:admin/get" allowing? Elasticsearch	2	4675	February 22, 2019
Getting unauthorized when doing GET on indices with a read-only user Kibana elastic-stack-security	4	3493	September 23, 2020

View_index_metadata doesn't allow indices:admin/get (solved)

Related topics