opendistro-build

Permission issue

Open Abhi-dg opened this issue 3 years ago • 3 comments

```
2021-10-13T20:55:57,530][INFO ][c.a.o.s.p.PrivilegesEvaluator] [008dac2d5e029914e] No index-level perm match for User [name=admin, backend_roles=[admin], requestedTenant=user] Resolved [aliases=[], allIndices=[], types=[], originalRequested=[], remoteIndices=[]] [Action [indices:data/read/search]] [RolesChecked [own_index]]
```

I am facing this issue. Here are the permissions mentioned in the roles.yml file for the admin role.


```yaml
allowed_actions:
- "indices:*"
- "indices:admin/create"
- "indices:admin/resolve/index"
- "indices:monitor/*"
- "indices:admin/*"
- "indices:admin/create"
- "indices:admin/mapping/put"
- "indices:admin/aliases*"
- "indices:data/*"
- "indices:data/write*"
- "indices:admin/mapping/put"
- "indices:data/read*"
- "indices:admin/mappings/fields/get*"
- "indices:data/write/delete*"
- "indices:data/read/search*"
- "indices:data/read/msearch*"
- "indices:data/read/suggest*"
- "indices:data/write/index*"
- "indices:data/write/update*"
- "indices:admin/mapping/put"
- "indices:data/write/bulk*"
- "indices:data/read/get*"
- "indices:data/read/mget*"
- "indices:data/read/mget"
- "indices:data/read/msearch"
- "indices:data/read/mtv"
- "indices:admin/aliases/exists*"
- "indices:admin/aliases/get*"
- "indices:data/read/scroll"
- "indices:data/write/bulk"
- "indices:admin/aliases*"
- "indices:data/write/reindex"
static: false
```


Even though there is a permission mentioned for the action "indices:data/read/search", I am getting this error while trying to create an index. Could you help me with this issue and guide me to the part where I am making a mistake?

Abhi-dg, Nov 12 '21 04:11

I have the same issue after upgrading Opendistro 1.10.2 to 1.13.3

```
[2021-12-17T09:22:04,249][INFO ][c.a.o.s.p.PrivilegesEvaluator] [h161.company.com] No index-level perm match for User [name=kibanaserver, backend_roles=[], requestedTenant=null] Resolved [aliases=[], allIndices=[], types=[], originalRequested=[], remoteIndices=[]] [Action [indices:monitor/settings/get]] [RolesChecked [own_index, kibana_server]]
[2021-12-17T09:22:04,249][INFO ][c.a.o.s.p.PrivilegesEvaluator] [h161.company.com] No permissions for [indices:monitor/settings/get]
```

Here is an excerpt from my 'internal_users.yml':

```yaml
kibanaserver:
  hash: "$2y$12$K.........."
  reserved: true
  description: "Kibanaserver user"
```

Here is an excerpt from my 'roles_mapping.yml':

```yaml
kibana_server:
  reserved: true
  users:
  - "kibanaserver"
```

Here is an excerpt from my 'roles.yml':

```yaml
kibana_server:
  cluster_permissions:
  - "cluster:*"
  - "indices:*"
  index_permissions:
  - index_patterns:
    - "*"
    allowed_actions:
    - "indices_all"
    - "indices:*"
```

Could you please advise on identifying the issue?

rlevitsky, Dec 17 '21 09:12
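
The `PrivilegesEvaluator` entries quoted in the two posts above carry the user, backend roles, resolved indices, requested action and the roles that were evaluated. The Python sketch below is an added example, not part of the thread or of the Open Distro project; it extracts those fields so they can be compared with `roles.yml` and `roles_mapping.yml`. The function names and the `expected` role list are hypothetical, and the sample input is copied from the log lines in the posts.

```python
import re

# Sample input: the PrivilegesEvaluator lines quoted in the two posts above.
SAMPLE_LOG = """\
2021-10-13T20:55:57,530][INFO ][c.a.o.s.p.PrivilegesEvaluator] [008dac2d5e029914e] No index-level perm match for User [name=admin, backend_roles=[admin], requestedTenant=user] Resolved [aliases=[], allIndices=[], types=[], originalRequested=[], remoteIndices=[]] [Action [indices:data/read/search]] [RolesChecked [own_index]]
[2021-12-17T09:22:04,249][INFO ][c.a.o.s.p.PrivilegesEvaluator] [h161.company.com] No index-level perm match for User [name=kibanaserver, backend_roles=[], requestedTenant=null] Resolved [aliases=[], allIndices=[], types=[], originalRequested=[], remoteIndices=[]] [Action [indices:monitor/settings/get]] [RolesChecked [own_index, kibana_server]]
[2021-12-17T09:22:04,249][INFO ][c.a.o.s.p.PrivilegesEvaluator] [h161.company.com] No permissions for [indices:monitor/settings/get]
"""

# Layout of the "No index-level perm match" message as it appears in those lines.
DENIAL = re.compile(
    r"No index-level perm match for User \[name=(?P<user>[^,\]]+), "
    r"backend_roles=\[(?P<backend_roles>[^\]]*)\], requestedTenant=(?P<tenant>[^\]]*)\] "
    r"Resolved \[.*?allIndices=\[(?P<indices>[^\]]*)\].*?\] "
    r"\[Action \[(?P<action>[^\]]+)\]\] "
    r"\[RolesChecked \[(?P<roles>[^\]]*)\]\]"
)


def _items(text):
    """Split the inside of a [...] list into trimmed, non-empty items."""
    return [t.strip() for t in text.split(",") if t.strip()]


def parse_denials(log_text):
    """Return one dict per index-level denial found in log_text."""
    denials = []
    for line in log_text.splitlines():
        m = DENIAL.search(line)
        if m:  # other log lines (e.g. "No permissions for ...") are skipped
            denials.append({
                "user": m["user"],
                "backend_roles": _items(m["backend_roles"]),
                "tenant": m["tenant"],
                "resolved_indices": _items(m["indices"]),
                "action": m["action"],
                "roles_checked": _items(m["roles"]),
            })
    return denials


def missing_roles(denial, expected):
    """Roles from `expected` (caller-supplied) that are absent from RolesChecked."""
    return [r for r in expected if r not in denial["roles_checked"]]


if __name__ == "__main__":
    for d in parse_denials(SAMPLE_LOG):
        print(f"{d['user']}: {d['action']} denied; roles checked={d['roles_checked']}; "
              f"resolved indices={d['resolved_indices']}")
```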

This looks like a question for the security forum: https://discuss.opendistrocommunity.dev/c/security/3

stockholmux, Dec 17 '21 16:12

So what was the answer? :\

jtlz2, Jun 10 '22 10:06