No permissions for [cluster:monitor/shards]

jong · April 10, 2025, 11:10am

Versions: OpenSearch 2.19.0

Describe the issue:
I’m seeing an error a lot in my logs

No cluster-level perm match for User [name=curator, backend_roles=[], requestedTenant=null] Resolved [aliases=[*], allIndices=[*], types=[*], originalRequested=[*], remoteIndices=[]] [Action [cluster:monitor/shards]] [RolesChecked [curator_role, own_index]]. No permissions for [cluster:monitor/shards]

But when I try to add that permission to the role Dashboards says cluster:monitor/shards doesn't match any options

This permission doesn’t seem to be listed in the docs:

Any idea why am I getting this error and why I can’t add or find in the docs?

Mantas · April 11, 2025, 10:24am

Hi @jong,

I have managed to add the cluster:monitor/shards to my role via config files (roles.yml):

test:
  reserved: false
  cluster_permissions:
    - "cluster_composite_ops"
    - "cluster:monitor/shards"
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - "indices_all"

However, I ran into the same issue as you when trying to do it via UI, BUG?

As a workaround, use your config files. Make sure to back up your configuration before applying any changes, as whatever is in the files will override it.

You could also report the behavior here:

Best,
mj

Topic		Replies	Views
Internal user needs cluster:monitor/main to only read an index Security	3	529	February 18, 2023
Missing permissions for user error when using notifications channel to Slack Security	1	283	November 4, 2022
No permissions for [cluster:monitor/main Open Source Elasticsearch and Kibana	17	10458	May 21, 2020
Roles and permissions - view dashboards Security	8	676	June 4, 2024
Opensearch Security Permissions Not Found Security	1	302	November 29, 2023

No permissions for [cluster:monitor/shards]

Related topics