How to avoid error of "no permission" when searching using an index pattern?

asfoorial · March 5, 2021, 8:40pm

Greetings everyone,

I have a case where I created two indices (index1, and index2). I have two groups of users added to two roles (role1, role2) which are assigned to index1 and index2 indices respectively with search permissions.

Now I have one application querying all data in elasticsearch using the pattern index*. However, users get “no permission” error when running search because users in either roles don’t have search permission over one of the indices.

The user expected behaviour is that Elasticsearch will return results from the index the user has access to. How can I get that behaviour done?

Thanks

BlackMetalz · March 6, 2021, 5:03am

You need to give application user index* permission if you query via pattern index*

Anthony · March 10, 2021, 11:22am

@asfoorial there is an option in config.yml file that needs to be enabled, I think this will give you the functionality you are looking for:

config:
  dynamic:
     do_not_fail_on_forbidden: true

Please remember to upload the config with securityadmin.sh script and admin cert:

./securityadmin.sh -cd .../securityconfig/ -icl -nhnv -cacert .../root-ca.pem -cert .../kirk.pem -key .../kirk-key.pem

asfoorial · March 10, 2021, 4:49pm

Thanks @Anthony and I will give it a try and see the behavior

Topic		Replies	Views
No permissions on indices:data/read/search template when the permission is attached in the role Security	10	7155	September 19, 2023
Index permitions with global index pattern not working Security	1	682	May 24, 2021
Index patterns and index permissions Security configure	1	655	April 25, 2022
Wildcards in permissions Security	6	702	May 23, 2023
Applying index permissions by exception? General Feedback discuss	1	302	February 7, 2023

How to avoid error of "no permission" when searching using an index pattern?

Related Topics