Good evening,
I am getting an error when giving permissions for sg_anonymous users to access cluster:monitor/health. The idea is that all users that are not authenticated match sg_anonymous with sg_anonymous_backendrole and can have access to the resource cluster:monitor/health.
* In the sg_config.yml file, I have allowed anonymous authentication:
searchguard:
  dynamic:
    http:
      anonymous_auth_enabled: true
* In the sg_roles_mapping.yml file, I have added:
sg_anonymous:
  backendroles:
    - sg_anonymous_backendrole
* In the sg_roles.yml file, I have added:
sg_anonymous:
  cluster:
    - CLUSTER_MONITOR
    - cluster:monitor/health
  indices:
    'public':
      '*':
        - READ
* In the sg_action_groups.yml file, I am referring to:
CLUSTER_MONITOR:
  readonly: true
  permissions:
    - "cluster:monitor/*"
With the configuration shown above, I still get the following error when trying to access the resource https://host_name:9200/_cluster/health:
{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/health] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/health] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"},"status":403}
The error log entries are the following:
[2018-10-11T09:27:28,323][INFO ][c.f.s.c.PrivilegesEvaluator] No cluster-level perm match for User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null] Resolved [aliases=[*], indices=[*], allIndices=[*], types=[*], isAll()=true, isEmpty()=false] [Action [cluster:monitor/health]] [RolesChecked [sg_own_index]]
[2018-10-11T09:27:28,323][INFO ][c.f.s.c.PrivilegesEvaluator] No permissions for [cluster:monitor/health]
Thanks in advance for your help with this issue.
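
One way to read the denial line above against the posted files, as an added example that is not part of the original post or of Search Guard. It assumes RolesChecked lists the Search Guard roles the evaluator resolved for the user and that an action-group name in a role expands to that group's patterns; the YAML is embedded as Python dicts and all function names are hypothetical.

```python
import re
from fnmatch import fnmatchcase

# Constructed inputs: the posted YAML as dicts, and the first posted log line.
ROLES_MAPPING = {"sg_anonymous": {"backendroles": ["sg_anonymous_backendrole"]}}
ROLES = {"sg_anonymous": {"cluster": ["CLUSTER_MONITOR", "cluster:monitor/health"]}}
ACTION_GROUPS = {"CLUSTER_MONITOR": ["cluster:monitor/*"]}
LOG_LINE = (
    "[2018-10-11T09:27:28,323][INFO ][c.f.s.c.PrivilegesEvaluator] No cluster-level perm "
    "match for User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null] "
    "Resolved [aliases=[*], indices=[*], allIndices=[*], types=[*], isAll()=true, "
    "isEmpty()=false] [Action [cluster:monitor/health]] [RolesChecked [sg_own_index]]"
)
LINE_RE = re.compile(
    r"User \[name=(?P<user>[^,]+), roles=\[(?P<backend>[^\]]*)\].*?"
    r"\[Action \[(?P<action>[^\]]+)\]\] \[RolesChecked \[(?P<checked>[^\]]*)\]\]"
)

def split_list(text):
    return {item.strip() for item in text.split(",") if item.strip()}

def parse_denial(line):
    """Extract user, backend roles, action and evaluated roles from a denial line."""
    m = LINE_RE.search(line)
    if m is None:
        raise ValueError("not a cluster-level denial line")
    return {"user": m["user"], "backend_roles": split_list(m["backend"]),
            "action": m["action"], "roles_checked": split_list(m["checked"])}

def roles_from_mapping(backend_roles, mapping):
    """Roles the mapping file assigns to a user holding these backend roles."""
    return {role for role, entry in mapping.items()
            if backend_roles & set(entry.get("backendroles", []))}

def grants(role, action, roles, groups):
    """True if the role's cluster permissions (action groups expanded) match."""
    patterns = []
    for perm in roles.get(role, {}).get("cluster", []):
        patterns.extend(groups.get(perm, [perm]))
    return any(fnmatchcase(action, p) for p in patterns)

def diagnose(line, mapping=ROLES_MAPPING, roles=ROLES, groups=ACTION_GROUPS):
    """Compare roles the files imply with the roles the evaluator checked."""
    d = parse_denial(line)
    expected = roles_from_mapping(d["backend_roles"], mapping)
    return {"expected_roles": expected, "roles_checked": d["roles_checked"],
            "never_evaluated": expected - d["roles_checked"],
            "would_grant": {r for r in expected if grants(r, d["action"], roles, groups)}}

print(diagnose(LOG_LINE))
```

For the posted line, never_evaluated is {'sg_anonymous'}: the role the files map this user to would grant the action, but it is absent from RolesChecked, so under the stated assumption the evaluator was not working from the sg_anonymous mapping shown in the files.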