No permissions for [cluster:monitor/main]

Security
1

Hi Team,

Elasticsearch version 7.10.2
Platform: kubernetes
User is able to login with LDAP user
Get below error while running GET / from ldap user
{
“error” : {
“root_cause” : [
{
“type” : “security_exception”,
“reason” : “no permissions for [cluster:monitor/main] and User [name=CN=Sharath Kumar A S,CN=Users,DC=xxxxxxx,DC=com, backend_roles=, requestedTenant=]”
}
],
“type” : “security_exception”,
“reason” : “no permissions for [cluster:monitor/main] and User [name=CN=Sharath Kumar A S,CN=Users,DC=xxxxxxx,DC=com, backend_roles=, requestedTenant=]”
},
“status” : 403
}

Role details

{
“elk-admin” : {
“reserved” : false,
“hidden” : false,
“cluster_permissions” : [
"
],
“index_permissions” : [
{
“index_patterns” : [
"
],
“fls” : ,
“masked_fields” : ,
“allowed_actions” : [
“read”
]
}
],
“tenant_permissions” : [
{
“tenant_patterns” : [
“*”
],
“allowed_actions” : [
“kibana_all_write”
]
}
],
“static” : false
}
}

Rolemapping

{
“elk-admin” : {
“hosts” : ,
“users” : ,
“reserved” : false,
“hidden” : false,
“backend_roles” : [
“CN=g.xxx-engineers,OU=Generic,OU=Groups,OU=Corp,OU=Common,DC=xxxx,DC=com”
],
“and_backend_roles” :
}
}

2

image
image3385×923 109 KB

3

Hello Sharath,

Please click on your user avatar (top-right corner) and then view roles and identities.
Is elk-admin there? If not, then all the permissions this role defines are not properly mapped to your user (possibly something is wrong with your backend role definition).

4

How do i fix it ?

image
image1851×1268 93.1 KB

5

It working now. Thanks