We have a user defined for this purpose which has the watcher_admin role, but when we do a put to create a watcher we get the error msg: cluster:admin/script/put is unauthorized for this user.
If the watcher_admin role is not sufficient, what else do we need?
which Elasticsearch version are you on. Can you share the command you are using to store the watch?
Below are 2 curl commands that we use frequently, deleting and creating. In this case, I’m trying to create a stored script instead of a watcher. This is what is giving us the error.
curl --user user:password --request DELETE "https://es.prod.business.comcast.com:443/_scripts/getTopKeyValuesByCondition" --cacert certfile.crt
curl --user user:password --header "Content-Type: application/json" --request POST "https://es.prod.business.comcast.com:443/_scripts/getTopKeyValuesByCondition" --data-ascii "@curlstoredscript_getTopKeyValuesByCondition.json" --cacert
certfile.crt
if you want to store scripts, you need that particular privilege as well. On top of my head this is part of the manage cluster privilege.
I think it might make sense to allow storing/deleting/getting script as part of manage_watcher. I will open an issue for this.
Thank you!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.