How to config indices:admin/create permission in version 7

I tried SGS_ALL_ACCESS and CREATE_INDEX in sg_roles.yml:

PA_LOGSTASH_USER:
  description: "my search guard role"
  cluster_permissions:
    - "cluster:monitor/main"
    - "cluster:admin/xpack/monitoring/bulk"
    - CREATE_INDEX
    - SGS_ALL_ACCESS
    - CLUSTER_MONITOR
    - CLUSTER_COMPOSITE_OPS
    - CLUSTER_MANAGE_INDEX_TEMPLATES
    - CLUSTER_MANAGE_ILM
    - CLUSTER_MANAGE_PIPELINES
  index_permissions:
    - index_patterns:
      - "panos-*"
      allowed_actions:
        - SGS_READ
        - SGS_WRITE

But I still got an error in ES:

No index-leve requestedTenant=null] Resolved [aliases=[], indices=[panos-threat], allIndices=[panos-threat], types=[*], originaldices:admin/create]] [RolesChecked [SGS_LOGSTASH, PA_LOGSTASH_USER, SGS_OWN_INDEX]]" }

logstash error:

no permissions for [indices:admin/create] and User [name=logstash, roles=[logstash], requestedTenant=null]

CREATE_INDEX is named SGS_CREATE_INDEX, and it is an index permission, not a cluster permission.

PA_LOGSTASH_USER:
  description: "my search guard role"
  cluster_permissions:
    - "cluster:monitor/main"
    - "cluster:admin/xpack/monitoring/bulk"
    - SGS_CLUSTER_MONITOR
    - SGS_CLUSTER_COMPOSITE_OPS
    - SGS_CLUSTER_MANAGE_INDEX_TEMPLATES
    - SGS_CLUSTER_MANAGE_ILM
    - SGS_CLUSTER_MANAGE_PIPELINES
  index_permissions:
    - index_patterns:
      - "panos-*"
      allowed_actions:
        - SGS_CRUD
        - SGS_MANAGE
        - SGS_CREATE_INDEX

If you still have issues, use the SGS_LOGSTASH role as a template: https://github.com/floragunncom/search-guard/blob/cce6f490868b86d3c627ece1f4f751052c06bc01/src/main/resources/static_config/static_roles.yml#L173
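
An added example, not part of the original posts or of Search Guard's own code: a small Python check for the two mistakes this thread turns on, action groups written without the SGS_ prefix and index-level groups listed under cluster_permissions. The group list holds only the names shown above, the function names are made up for this sketch, and index patterns are treated as simple wildcards.

```python
from fnmatch import fnmatchcase

# Index-level groups named in this thread; not the complete Search Guard list.
INDEX_GROUPS = {"SGS_READ", "SGS_WRITE", "SGS_CRUD", "SGS_MANAGE", "SGS_CREATE_INDEX"}

def lint_role(name, role):
    """Findings for one role, given as the dict a YAML loader returns for sg_roles.yml."""
    findings = []

    def check(entry, section):
        if ":" in entry:  # raw action name such as cluster:monitor/main
            return
        if not entry.startswith("SGS_"):
            findings.append(f"{name}: {entry} in {section} has no SGS_ prefix")
            entry = "SGS_" + entry  # still check placement under the prefixed name
        if section == "cluster_permissions" and entry in INDEX_GROUPS:
            findings.append(f"{name}: {entry} is an index permission, move it to index_permissions")
        if section == "index_permissions" and entry.startswith("SGS_CLUSTER_"):
            findings.append(f"{name}: {entry} is a cluster permission, move it to cluster_permissions")

    for entry in role.get("cluster_permissions", []):
        check(entry, "cluster_permissions")
    for block in role.get("index_permissions", []):
        for entry in block.get("allowed_actions", []):
            check(entry, "index_permissions")
    return findings

def grants_create_index(role, index):
    """True if a pattern matching `index` lists SGS_CREATE_INDEX or the raw action.
    Conservative: other action groups are not expanded."""
    wanted = {"SGS_CREATE_INDEX", "indices:admin/create"}
    return any(
        wanted & set(block.get("allowed_actions", []))
        for block in role.get("index_permissions", [])
        if any(fnmatchcase(index, p) for p in block.get("index_patterns", []))
    )

# The two roles from this thread, abbreviated to the entries that matter here.
QUESTION_ROLE = {
    "cluster_permissions": ["cluster:monitor/main", "CREATE_INDEX", "CLUSTER_MONITOR"],
    "index_permissions": [{"index_patterns": ["panos-*"],
                           "allowed_actions": ["SGS_READ", "SGS_WRITE"]}],
}
ANSWER_ROLE = {
    "cluster_permissions": ["cluster:monitor/main", "SGS_CLUSTER_MONITOR"],
    "index_permissions": [{"index_patterns": ["panos-*"],
                           "allowed_actions": ["SGS_CRUD", "SGS_MANAGE", "SGS_CREATE_INDEX"]}],
}
```

A role may also reference custom action groups that carry no SGS_ prefix, so treat the prefix finding as a prompt to check the name rather than as an error.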
