Audit_request_privilege indices:admin/mapping/auto_put

meta · December 15, 2020, 5:35pm

Attempting to post data from rsyslog to Elasticsearch, the security-auditlog index fills up with entries listing a missing privilege:

audit_request_privilege  indices:admin/mapping/auto_put

However, I can’t give that privilege to the login ID using Kibana, because Kibana says there’s no such privilege.

oscark · December 16, 2020, 8:45am

If you want to use Kibana I think you should be able to create an Action Group (Permissions → Create action group) with the permission and then add the action group to the role.
Alternatively you should be able to use the API.
As a third and worst alternative you could add indices:admin/mapping/* to the role.

Anthony · February 8, 2021, 5:51pm

Hi @meta did you manage to resolve the permission issue using above mentioned method?

Topic		Replies	Views
Best option for automating role creation in Kibana? Security	9	980	September 14, 2020
Non admin users are unable to access indexed data from Kibana Discovery Security	1	495	May 24, 2021
Copying built-in kibana_server role Security	12	1371	September 14, 2023
Mapping new user to kibana_server Security	6	984	October 6, 2024
Users unable to save queries Security troubleshoot	7	2151	March 30, 2022