View_index_metadata doesn't allow indices:admin/get (solved)

How should I grant permissions for GET index (https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-get-index.html)?

From the docs I expected that view_index_metadata should do this. I can search the index OK, but GET index gives an error. What am I doing wrong?

GET index-that-exists
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "action [indices:admin/get] is unauthorized for user [_anonymous]"
      }
    ],
    "type" : "security_exception",
    "reason" : "action [indices:admin/get] is unauthorized for user [_anonymous]"
  },
  "status" : 403
}

Elasticsearch 6.6.0, elasticsearch.yml:

xpack.security.authc:

  anonymous:
    roles: anon
    authz_exception: true

  realms:
    native:
      type: native
      order: 0
    file:
      type: file
      order: 1

roles.yml:

anon:
  cluster:
    - monitor
  indices:
    - names: '*'
      privileges:
        - monitor
        - view_index_metadata
        - read

I found this was because the roles.yml config was not mirrored on the other node of the cluster.
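
Roles defined in roles.yml are read from each node's own copy of the file, so the file has to be identical on every node. The following is an added example, not part of the original thread: a shell check that compares copies of roles.yml collected from each node and reports any that are missing or differ. The node names, file paths and the `roles_digest` / `roles_drift` helpers are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): detect roles.yml drift between nodes.
# Input: NODE=PATH pairs, each PATH a copy of that node's roles.yml
# (fetching the copies from the nodes is assumed and left out).

roles_digest() {
    # SHA-256 of the file with comment lines, blank lines and trailing
    # whitespace removed, so cosmetic edits are not reported as drift.
    if [ ! -r "$1" ]; then
        echo MISSING
        return 0
    fi
    sed -e 's/[[:space:]]*$//' -e '/^[[:space:]]*#/d' -e '/^$/d' "$1" |
        sha256sum | cut -d' ' -f1
}

roles_drift() {
    # Compares every node against the first readable one given. Prints one
    # line per node that lacks the file or differs; returns 1 if any did.
    ref=""
    drift=0
    for spec in "$@"; do
        node=${spec%%=*}
        digest=$(roles_digest "${spec#*=}")
        if [ "$digest" = MISSING ]; then
            echo "$node: roles.yml missing or unreadable"
            drift=1
        elif [ -z "$ref" ]; then
            ref=$digest
        elif [ "$digest" != "$ref" ]; then
            echo "$node: roles.yml differs from reference"
            drift=1
        fi
    done
    return "$drift"
}

# Constructed sample: node-1 carries the anon role from the post, node-2 an
# older copy without view_index_metadata.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'anon:\n  cluster:\n    - monitor\n  indices:\n    - names: "*"\n      privileges:\n        - monitor\n        - view_index_metadata\n        - read\n' > "$demo_dir/node-1.yml"
printf 'anon:\n  cluster:\n    - monitor\n  indices:\n    - names: "*"\n      privileges:\n        - monitor\n        - read\n' > "$demo_dir/node-2.yml"
roles_drift node-1="$demo_dir/node-1.yml" node-2="$demo_dir/node-2.yml" || true
```

Run after every change to roles.yml, a non-zero exit status from `roles_drift` shows that at least one node still has a stale or missing copy.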
