Permission issue #788

Abhi-dg · 2021-11-12T04:45:38Z

""" 2021-10-13T20:55:57,530][INFO ][c.a.o.s.p.PrivilegesEvaluator] [008dac2d5e029914e] No index-level perm match for User [name=admin, backend_roles=[admin], requestedTenant=user] Resolved [aliases=[], allIndices=[], types=[], originalRequested=[], remoteIndices=[]] [Action [indices:data/read/search]] [RolesChecked [own_index]] """

I am facing this issue, I am mentioning the permissions mentioned in roles.yml file for admin role.

allowed_actions:

- "indices:*"

- "indices:admin/create"

- "indices:admin/resolve/index"

- "indices:monitor/*"

- "indices:admin/*"

- "indices:admin/create"

- "indices:admin/mapping/put"

- "indices:admin/aliases*"

- "indices:data/*"

- "indices:data/write*"

- "indices:admin/mapping/put"

- "indices:data/read*"

- "indices:admin/mappings/fields/get*"

- "indices:data/write/delete*"

- "indices:data/read/search*"

"indices:data/read/msearch*"

- "indices:data/read/suggest*"

- "indices:data/write/index*"

- "indices:data/write/update*"

- "indices:admin/mapping/put"

- "indices:data/write/bulk*"

- "indices:data/read/get*"

- "indices:data/read/mget*"

- "indices:data/read/mget"

- "indices:data/read/msearch"

- "indices:data/read/mtv"

- "indices:admin/aliases/exists*"

- "indices:admin/aliases/get*"

- "indices:data/read/scroll"

- "indices:data/write/bulk"

- "indices:admin/aliases*"

- "indices:data/write/reindex"

static: false

even though there is a permission mentioned for action " indices:data/read/search ", I am getting this error while trying to create an indices. Could you help me with this issue and guide me to the part where I am making a mistake,

The text was updated successfully, but these errors were encountered:

rlevitsky · 2021-12-17T09:30:50Z

I have the same issue after upgrading Opendistro 1.10.2 to 1.13.3

[2021-12-17T09:22:04,249][INFO ][c.a.o.s.p.PrivilegesEvaluator] [h161.company.com] No index-level perm match for User [name=kibanaserver, backend_roles=[], requestedTenant=null] Resolved [aliases=[], allIndices=[], types=[], originalRequested=[], remoteIndices=[]] [Action [indices:monitor/settings/get]] [RolesChecked [own_index, kibana_server]]
[2021-12-17T09:22:04,249][INFO ][c.a.o.s.p.PrivilegesEvaluator] [h161.company.com] No permissions for [indices:monitor/settings/get]

Here is exerpt from my 'internal_users.yml':

`kibanaserver:
hash: "$2y$12$K.........."
reserved: true
description: "Kibanaserver user"

Here is an excerpt from my 'roles_mapping.yml':

kibana_server:
reserved: true
users:

"kibanaserver"

Here is an excerpt from my 'roles.yml'

kibana_server:
cluster_permissions:

"cluster:*"

"indices:*"
index_permissions:

index_patterns:

"*"
allowed_actions:

"indices_all"

"indices:*"

Could you please advise on identifying the issue?

stockholmux · 2021-12-17T16:50:23Z

This looks like a question for the security forum: https://discuss.opendistrocommunity.dev/c/security/3

jtlz2 · 2022-06-10T10:20:19Z

So what was the answer? :\

Abhi-dg added the question Further information is requested label Nov 12, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Permission issue #788

Permission issue #788

Abhi-dg commented Nov 12, 2021

rlevitsky commented Dec 17, 2021 •

edited

stockholmux commented Dec 17, 2021

jtlz2 commented Jun 10, 2022

Permission issue #788

Permission issue #788

Comments

Abhi-dg commented Nov 12, 2021

rlevitsky commented Dec 17, 2021 • edited

stockholmux commented Dec 17, 2021

jtlz2 commented Jun 10, 2022

rlevitsky commented Dec 17, 2021 •

edited