elasticsearch-auth

access constraint to auth and security index

Open tumeteor opened this issue 11 years ago • 3 comments

Hi, we tried to put a secondary security level on top of this plugin; more specifically, we put access constraints on the auth and security indexes, so that we can make sure that no normal user can touch the security part. However, now we get permission denied for all write access. Maybe it's the default that the auth and security indexes are protected from the 'user' role, and we did a redundant thing that we shouldn't have?

Thanks,

tumeteor, May 26 '14 13:05

Could you give me steps (e.g. curl commands) to reproduce it?

marevol, May 27 '14 21:05

Yes, we put this constraint on the auth index:

curl -XPOST 'localhost:9200/security/constraint/' -d '{ "authenticator" : "index", "paths" : ["/auth"], "methods" : ["get", "post"], "roles" : ["admin"] }'

But then we got permission denied for any auth access, even when we logged in with the 'admin' role.

tumeteor, May 27 '14 22:05

I wonder what the general procedure is to protect the authentication index? It clearly is not desirable to allow users to access the index, so is the procedure described above the way to go?

rjoberon, Jun 11 '14 06:06