no permissions for [indices:data/write/bulk

Search Guard
#1

Searchgaurd6

I want to grant admin role to ‘CN=spock,OU=client,O=client,L=Test,C=DE’ which is a certficate.

but it show “no permissions for [indices:data/write/bulk] and User [name=CN=spock,OU=client,O=client,L=Test,C=DE, roles=, requestedTenant=null]” when I create index… could u tell why and how to config certificate user. I didn’t find example demo.

log:

I config the sgconfig files as follows:

1.sg_internal_users.yml

2.sg_roles_mapping.yml

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

  • Installed and used enterprise modules, if any

  • JVM version and operating system version

  • Search Guard configuration files

  • Elasticsearch log messages on debug level

  • Other installed Elasticsearch or Kibana plugins, if any

#2

You are using backend roles to map the user to the sg_all_access role, however, the DN of the certificate is the user name, not any backend role.

Try mapping the certificate via username, like:

sg_all_access:
users:
- “CN=spock, OU=…”

``

···

On Tuesday, June 26, 2018 at 10:15:52 AM UTC+2, 775878550@qq.com wrote:

Searchgaurd6

I want to grant admin role to ‘CN=spock,OU=client,O=client,L=Test,C=DE’ which is a certficate.

but it show “no permissions for [indices:data/write/bulk] and User [name=CN=spock,OU=client,O=client,L=Test,C=DE, roles=, requestedTenant=null]” when I create index… could u tell why and how to config certificate user. I didn’t find example demo.

log:

I config the sgconfig files as follows:

1.sg_internal_users.yml

2.sg_roles_mapping.yml

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version
  • Installed and used enterprise modules, if any
  • JVM version and operating system version
  • Search Guard configuration files
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any