No permissions for Snapshot

shivag · June 21, 2023, 9:52am

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Describe the issue: After taking the snapshot of indices and when we tried to restore the snapshot of indices, im getting error as below

{
“error” : {
“root_cause” : [
{
“type” : “security_exception”,
“reason” : “no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]”
}
],
“type” : “security_exception”,
“reason” : “no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]”
},
“status” : 403
}

Configuration: POST /_snapshot/my-fs-repository/wazuh_snapshot/_restore

Relevant Logs or Screenshots:

pablo · June 21, 2023, 2:26pm

@shivag If you took the snapshot with the global state than you must use admin certificate to restore the snapshot as the snapshot will also contain security plugin index.

Iqra_shafiq · June 10, 2024, 6:50am

I have not included the global state. still I am facing the issue.

Command used for taking snapshot:

curl -XPUT -k -u admin:opensearch123 "https://192.168.0.28:9200/_snapshot/snapshot_repository/latest_snapshot" -H "Content-Type: application/json" -d '
{
  "ignore_unavailable": true,
  "include_global_state": false,
  "partial": false
}
'

Command for restoring snapshot in same cluster:

curl -XPOST -k -u admin:opensearch123 "https://192.168.0.28:9200/_snapshot/snapshot_repository/latest_snapshot/_restore" -H "Content-Type: application/json" -d '
{
  "ignore_unavailable": true,
  "include_global_state": false,
  "include_aliases": false,
  "partial": false
}
'

Below is the error I am facing:

{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"},

Iqra_shafiq · June 10, 2024, 7:04am

I have also tried following command but still error remains same:

curl -XPOST -k -u admin:opensearch123 "https://192.168.0.28:9200/_snapshot/snapshot_repository/latest_snapshot/_restore" -H "Content-Type: application/json" -d '
{
  "ignore_unavailable": true,
  "indices": "-.opendistro_security",
  "include_global_state": false,
  "include_aliases": false,
  "partial": false,
  "rename_pattern": "(security-auditlog-2024.05.30)",
  "rename_replacement": "security-auditlog-2024.05.30_restored"
}
'

 curl -XPOST -k -u admin:opensearch123 "https://192.168.0.28:9200/_snapshot/snapshot_repository/latest_snapshot/_restore" -H "Content-Type: application/json" --key "/opt/opensearch/config/certs/node1-key.pem" --cert "/opt/opensearch/config/certs/node1.pem" --cacert "/opt/opensearch/config/certs/root-ca.pem" -d '
{
  "ignore_unavailable": true,
  "indices": "-.opendistro_security",
  "include_global_state": false,
  "include_aliases": false,
  "partial": false,
  "rename_pattern": "(security-auditlog-2024.05.30)",
  "rename_replacement": "security-auditlog-2024.05.30_restored"
}
'

Facing below error:

{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"},"status":403}

Topic		Replies	Views
Security permission issue while restoring snapshot from elastic cluster to opensearch cluster OpenSearch discuss , troubleshoot	13	2669	June 22, 2022
"no permissions" exception for admin user OpenSearch	3	1010	June 23, 2023
Unable to restore snapshot with cluster state included Security troubleshoot	2	1152	May 10, 2023
Restore snapshot Index Management troubleshoot	2	245	May 27, 2023
Snapshot restore without .opendistro_security requires admin certs Security	1	1331	August 21, 2020

No permissions for Snapshot

Related topics