"no permissions" exception for admin user

bakili · June 23, 2023, 7:38am

We are running, 2.6.0 Opensearch standalone node, because we were missing index template for “.opendistro*” prefixed indices they got created with replicas (but we have 1 node setup), later on we created a simple script to set their replicas setting as 0 and created a default template for all indices. But We have following issue handful of .opendistro* prefixed indices can’t be updated/deleted by even admin user, when we try it returns below exception

[security_exception] no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=customtenant]

why? expected? should not admin user has all the priviledges?

pablo · June 23, 2023, 12:01pm

@bakili The .opendistro* pattern matches the .opendistro_security index. This index can be managed only with an admin certificate defined in plugins.security.authcz.admin_dn: in opensearch.yml

bakili · June 23, 2023, 1:28pm

you mean, it has to be done from curl with certificate as authenticator? any guides online?

pablo · June 23, 2023, 7:09pm

@bakili Correct. curl with admin certificate. There is no clear information in the documentation about the .opensearch_security index.

However, you can find brief information in the restore snapshot description.

Topic		Replies	Views
Reason: no permissions for []... what? Security	1	454	September 5, 2022
No permissions for Snapshot OpenSearch	3	1438	June 10, 2024
Opendistro-anomaly-results-history index permissions OpenSearch anomaly-detection , index-management	1	14	August 22, 2024
ISM and security permissions Security configure	8	59	August 15, 2024
Security_Exception on .opendistro-alerting-config index Security	6	345	February 29, 2024

"no permissions" exception for admin user

Related topics