Hi @Anthony
Thanks for the feedback. Adding indices:admin/index_template/put under index_permissions with * indeed works as a workaround.
Re: alias, I’m able to retrieve it if I’m targetting an index specifically such as GET /index-001/_alias, however GET /_alias does not work, presumably because I don’t have access to the internal indices like .kibana. It works if I add blanket alias permissions again under index_permissions with *, but that means the user is also able to see all internal indices
Is this really the intended behavior? In Elasticsearch, calling GET /_alias returns only the list of indices/aliases that the user has permissions to (so it’s filtered, w/o the internal indices), but it doesn’t outright reject the whole operation
my_user:
reserved: true
cluster_permissions:
- "cluster_monitor"
- "cluster_manage_index_templates"
index_permissions:
- index_patterns:
- "index-*"
allowed_actions:
- "read"
- "write"
- "create_index"
- "manage_aliases"