Which xpack/elasticsearch priviliges to use HEAD?

security

(Chris Barton) #1

I have a user that's running some 3rd party code utilizing the python client. It looks like it tries to do a HEAD request on a non-existent index (checking that it isn't there before creating it, I'm told) but instead of getting a 404, it's receiving a 403. The account being used has read, create_index, delete_index, and write on indices with names fitting the pattern it's trying to HEAD for, but it's getting a 'denied' rather than 'not found'. What privilege would need to be added to that account to permit a HEAD operation in addition to GET/PUT/POST/DELETE? I can't find anything specific to it in the docs.


(Ioannis Kakavas) #2

Hi Chris,

This is not because of the HTTP operation used. A GET would have the same results as HEAD.
Your user also needs the view_index_metadata privilege on that index pattern


(Chris Barton) #3

That took care of it, many thanks!