I’m currently testing opendistro, and I’m stuck with creating roles via the Kibana Security GUI. The affect seems to be that the role I create grants no permissions. For example:
Expected Result #1:
$ curl localhost:9200
Unauthorized
Expected Result #2:
$ curl -u logstash:logstash localhost:9200
{
“name” : “node-0”,
“cluster_name” : “elasticsearch”,
…
Expected Result #3:
Create new user user1 in the GUI and give him the role logstash
curl -u user1:password123 localhost:9200
{
“name” : “node-0”,
“cluster_name” : “elasticsearch”,
…
Unexpected Result:
Copy role logstash as role cloned. Expect to see the cluster info message, get 403
$ curl -u user1:password123 localhost:9200
{“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“no permissions for [cluster:monitor/main] and User [name=user1, roles=[cloned], requestedTenant=null]”}],“type”:“security_exception”,“reason”:“no permissions for [cluster:monitor/main] and User [name=user1, roles=[cloned], requestedTenant=null]”},“status”:403}
I see an ES error when I try to curl the endpoint, but I’m not sure what the issue root issue is:
[2019-03-29T16:54:47,880][INFO ][c.a.o.s.p.PrivilegesEvaluator] [node-0] No cluster-level perm match for User [name=user1, roles=[cloned], requestedTenant=null] Resolved [aliases=, indices=, allIndices=, types=[*], isAll()=false, isEmpty()=false] [Action [cluster:monitor/main]] [RolesChecked [own_index]]
[2019-03-29T16:54:47,880][INFO ][c.a.o.s.p.PrivilegesEvaluator] [node-0] No permissions for [cluster:monitor/main]
Is there something missing in my process?