Elasticsearch version: 7.6.2
Describe the issue: If I want to export search results in Kibana as CSV, I need
indices:data/read/scroll/clear permission on the cluster, even if I have
SGS_READ permissions on the indice for which I’m exporting data.
Expected behavior: I would expect to be able to generate the CSV, since
indices:data/read* permissions on the indice.
[c.f.s.p.PrivilegesEvaluator] [node1] No cluster-level perm match for User [name=user1, backend_roles=[lots_of_roles], requestedTenant=null] Resolved [aliases=[*], indices=[*], allIndices=[*], types=[*], originalRequested=, remoteIndices=] [Action [indices:data/read/scroll/clear]] [RolesChecked [custom_role, SGS_KIBANA_USER]]
If I assign a cluster level permissions for the role, I can generate the report without a problem. Is that expected behaviour?
I noticed similar issue in Add certain permissions to a user.