Login/Register
ElasticSearch no permissions for [indices:data/read/msearch] despite having the permission
Asked Answered
Solved elasticsearchaws-elasticsearch
W

4

12

I'm running into the weirdest permission issue for _msearch.

When running simple _search with the same query, everything runs perfectly.

POST /job/_search

{"query":{"bool":{"must":[{"bool":{"must":{"bool":{"should":[{"multi_match":{"query":"s","fields":["title"],"type":"best_fields","operator":"or","fuzziness":2}},{"multi_match":{"query":"s","fields":["title"],"type":"phrase","operator":"or"}},{"multi_match":{"query":"s","fields":["title"],"type":"phrase_prefix","operator":"or"}}],"minimum_should_match":"1"}}}}]}},"size":10,"_source":{"includes":["*"],"excludes":[]}}

When running it with _msearch I get the permission error

POST /job/_msearch

{}
{"query":{"bool":{"must":[{"bool":{"must":{"bool":{"should":[{"multi_match":{"query":"s","fields":["title"],"type":"best_fields","operator":"or","fuzziness":2}},{"multi_match":{"query":"s","fields":["title"],"type":"phrase","operator":"or"}},{"multi_match":{"query":"s","fields":["title"],"type":"phrase_prefix","operator":"or"}}],"minimum_should_match":"1"}}}}]}},"size":10,"_source":{"includes":["*"],"excludes":[]}}

{
    "error": {
        "root_cause": [
            {
                "type": "security_exception",
                "reason": "no permissions for [indices:data/read/msearch] and User [name=public_api, backend_roles=[], requestedTenant=null]"
            }
        ],
        "type": "security_exception",
        "reason": "no permissions for [indices:data/read/msearch] and User [name=public_api, backend_roles=[], requestedTenant=null]"
    },
    "status": 403
}

Here are my permissions in Kibana:

enter image description here

I am running an OpenDistro in AWS ElasticSearch Service.

Westbrook answered 24/3, 2021 at 4:9 Comment(1)
please referMorceau
W
6

Fixed by setting the following cluster permissions:

enter image description here

Westbrook answered 24/3, 2021 at 5:22 Comment(0)
M
15

I have solved the above permission problem using the following steps

  • Login to Kibana using admin or user with higher previledges

  1. Click security option

    Step

  2. Click roles option and then select the desired role for your user based on your requirement. In my case, the user requires all access so selected all_access role

  3. Click Mapped users then click Manage mapping option.

  4. In the Users section type/paste the IAM-arn/internal-user and then press enter

  5. Finally, click the map

That's all, the user will be mapped to the role and corresponding permissions, thereafter you will not face the permission issue mentioned in the question

enter image description here

Morceau answered 26/8, 2021 at 18:35 Comment(0)
W
6

Fixed by setting the following cluster permissions:

enter image description here

Westbrook answered 24/3, 2021 at 5:22 Comment(0)
I
2

I solved this by not using fine-grained access control.

Iraq answered 14/3, 2022 at 6:21 Comment(0)
T
0

Based on the answer from @Bolein95, which works perfectly, If anyone looking for Terraform Permissions, you could add the following Cluster Permissions:

cluster_permissions = ["indices:data/read*", "indices:admin/mappings/fields/get*"]
Toleration answered 26/10, 2023 at 14:0 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.