Adding privilege doesn't work

I am getting “MISSING_PRIVILEGES” with “audit_request_privilege”: “indices:admin/get” in the audit log when trying to use the Query Workbench with a readall user.
After adding “indices:admin/get” to the user and logging out and back in, the user still gets the same audit log.

It seems like the privilege isn’t added or isn’t working properly, or have I missed something?

Thank You!

How are you adding the permission to a built-in role?

You should be able to duplicate the readall role and add the permission so that it looks like the below:

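  # Placeholder role name; the name used for the duplicated role is not shown in the post
  readall_copy:
    reserved: false
    hidden: false
    cluster_permissions:
    - "cluster_composite_ops_ro"
    index_permissions:
    - index_patterns:
      - "*"
      fls: []
      masked_fields: []
      allowed_actions:
      - "read"
    - index_patterns:
      - "*"
      dls: ""
      fls: []
      masked_fields: []
      allowed_actions:
      - "indices:admin/get"
    tenant_permissions: []
    static: false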

Then map the user to this role instead.
Hope this helps.

Thank you @Anthony
I did just as you are describing, but I didn’t remove the mapping to the default readall role.
Once that was done, it’s working great. :slight_smile:
Thank you very much!