no permissions for [indices:monitor/settings/get] and User [name=curator, roles=[], requestedTenant=

  • Search Guard and Elasticsearch version: 6.5.4-oss-24.0

I have created curator user for searchguard, but when Delete Indices is running i got the following Error:

Failed to complete action: delete_indices. <class ‘curator.exceptions.FailedExecution’>: Failed to get indices. Error: AuthorizationException(403, u’security_exception’, u’no permissions for [indices:monitor/settings/get] and User [name=curator, roles=, requestedTenant=null]')

sg_internal_users.yml:

curator:

hash: password-hash

sg_roles.yml:

sg_curator:

cluster:

  • CLUSTER_MONITOR

  • CLUSTER_COMPOSITE_OPS

indices:

logstash-*:

‘*’:

  • DELETE

  • INDICES_MONITOR

sg_roles_mapping.yml

sg_curator:

readall: true

users:

  • curator

I have also tried an UNLIMITED permissions but again did not work

If you get permission errors even when you assign UNLIMITED permissions, it is most probably an error with the roles mapping, i.e. the user is not mapped to the role you expect.

Please check first that your user is assigned to the correct Search Guard roles:

There’s also a troubleshooting guide that helps you evaluating what permissions a user/role is missing.

This snippet here in your sg_roles_mapping.yml:

sg_curator:
readall: true
users:

  • curator

``

has two issues. “readall” is not a valid key here, I guess you mean “readonly”. And, the “- curator” entry has a wrong indentation. In your snippet it is on the same level as the “users” key, but it should be indented by 2 spaces. Maybe this is the problem here?

···

On Tuesday, March 26, 2019 at 4:39:58 PM UTC+1, k.zhelyazkov@sap.com wrote:

I have also tried an UNLIMITED permissions but again did not work