Internal user needs cluster:monitor/main to only read an index

Ploef · February 9, 2023, 10:37am

OpenSearch: 2.4.1

I have created an internal user, together with a role and mapping so the user has reading rights on one index. Unfortunately this user receives a 403 back and the logging shows the following message:

No cluster-level perm match for User [name=consumer_pace_wurperson, backend_roles=, requestedTenant=null] Resolved [aliases=[], allIndices=[], types=[], originalRequested=[], remoteIndices=] [Action [cluster:monitor/main]] [RolesChecked [consumer_pace_wurperson, own_index]]. No permissions for [cluster:monitor/main]

Does anybody have an idea why this user should have these cluster rights for only reading a single index?

Kind regards,
Peter

Describe the issue:

Configuration:

Relevant Logs or Screenshots:

pablo · February 10, 2023, 12:20am

@Ploef Could you share the curl command that produced the reported error?

pablo · February 18, 2023, 12:05am

@Ploef I think this permission follows the logic of the REST Client. The REST Client pings / endpoint before running the query.

Ploef · February 18, 2023, 10:44am

@pablo, thanks. Perhaps not obvious but it makes sense.

Topic		Replies	Views
No permissions for [cluster:monitor/main Open Source Elasticsearch and Kibana	17	10203	May 21, 2020
Index permissions as Cluster permission Security	1	199	January 26, 2024
Permissions weird Security	10	767	October 9, 2023
Opensearch Dashboards Reports plugin Access Issue Reporting Plugin	2	763	August 25, 2022
Getting 403 forbidden when trying to use an internal user that is mapped to a role with a restrictive index pattern Security security-issue	2	1803	December 7, 2023

Internal user needs cluster:monitor/main to only read an index

Related topics