- Using SG and Elasticsearch 6.5.3 with JRE 8 on Ubuntu Linux 18.04
We have a role mapping that maps a specific user to a role that looks like this:
```
{
  "cluster": [
    "CLUSTER_COMPOSITE_OPS"
  ],
  "indices": {
    "fd-sp-57feef3fb471-b57c623dc65b": {
      "*": [
        "INDICES-ALL",
        "indices:data/write/bulk",
        "indices:data/write/index"
      ]
    }
  },
  "tenants": {}
}
```
However, when our user (“b900c1bd-531b-484f-8e41-e52ee3486740”) attempts a bulk operation on the index, it is rejected with the following message:
```
[2019-03-20T17:02:48,417][INFO ][c.f.s.p.PrivilegesEvaluator] [isZPOIE] No index-level perm match for User [name=b900c1bd-531b-484f-8e41-e52ee3486740, roles=, requestedTenant=null] Resolved [aliases=, indices=[fd-sp-57feef3fb471-b57c623dc65b], allIndices=[fd-sp-57feef3fb471-b57c623dc65b], types=[space], isAll()=false, isEmpty()=false] [Action [indices:data/write/bulk[s]]] [RolesChecked [sg_own_index, fd-sp-57feef3fb471-b57c623dc65b-reader, fd-sp-57feef3fb471-b57c623dc65b-modifier]]
```
What are we missing? INDICES_ALL should be sufficient as it is supposed to include “indices:*”.
The mapping that should be applied (fd-sp-57feef3fb471-b57c623dc65b-modifier) looks like this:
```
{
  "backendroles": [],
  "hosts": [
    "*"
  ],
  "users": [
    "b900c1bd-531b-484f-8e41-e52ee3486740"
  ]
}
```
Any help would be greatly appreciated.
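
A way to check a role definition against a denial like the one logged above, as an added example that is not part of the original post and is not Search Guard's own code. It is a simplified model that assumes permission entries are expanded by exact action-group name and otherwise matched as `*`/`?` wildcard patterns; `ACTION_GROUPS` holds only the expansion the post states for INDICES_ALL, and all function names are hypothetical.

```python
import json
import re

# Constructed inputs: role definition and log excerpt copied from the post above.
ROLE = json.loads("""{"cluster": ["CLUSTER_COMPOSITE_OPS"], "tenants": {},
  "indices": {"fd-sp-57feef3fb471-b57c623dc65b": {"*": [
    "INDICES-ALL", "indices:data/write/bulk", "indices:data/write/index"]}}}""")
LOG = ("Resolved [aliases=, indices=[fd-sp-57feef3fb471-b57c623dc65b], "
       "allIndices=[fd-sp-57feef3fb471-b57c623dc65b], types=[space], isAll()=false, "
       "isEmpty()=false] [Action [indices:data/write/bulk[s]]] [RolesChecked [sg_own_index, "
       "fd-sp-57feef3fb471-b57c623dc65b-reader, fd-sp-57feef3fb471-b57c623dc65b-modifier]]")
# Assumption: a single action group, expanded the way the post says INDICES_ALL is.
ACTION_GROUPS = {"INDICES_ALL": ["indices:*"]}

def parse_denial(line):
    """Extract the resolved index, document type and action from the log line."""
    index = re.search(r"indices=\[([^\]]*)\]", line).group(1)
    doc_type = re.search(r"types=\[([^\]]*)\]", line).group(1)
    action = re.search(r"\[Action \[(.*?)\]\] \[RolesChecked", line).group(1)
    return index, doc_type, action

def wildcard_match(pattern, value):
    """Only * and ? are wildcards; brackets and everything else are literal."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None

def expand(perm, groups):
    """Replace a defined action-group name by its members; keep other entries as-is."""
    if perm in groups:
        return [p for member in groups[perm] for p in expand(member, groups)]
    return [perm]

def explain(role, groups, line):
    """Return (allowed, rows); each row is (entry, expanded patterns, matched)."""
    index, doc_type, action = parse_denial(line)
    rows = []
    for index_pat, types in role["indices"].items():
        for type_pat, perms in types.items():
            if wildcard_match(index_pat, index) and wildcard_match(type_pat, doc_type):
                for perm in perms:
                    pats = expand(perm, groups)
                    rows.append((perm, pats, any(wildcard_match(p, action) for p in pats)))
    return any(hit for _, _, hit in rows), rows

def undefined_groups(role, groups):
    """Heuristic: index permission entries with no ':' that are not defined groups."""
    return [p for types in role["indices"].values() for perms in types.values()
            for p in perms if ":" not in p and p not in groups]

if __name__ == "__main__":
    allowed, rows = explain(ROLE, ACTION_GROUPS, LOG)
    for perm, pats, hit in rows:
        print(f"{perm!r} -> {pats} match={hit}")
    print("allowed:", allowed, "| undefined group names:", undefined_groups(ROLE, ACTION_GROUPS))
```

In this model the hyphenated `INDICES-ALL` entry is not expanded, and the two literal entries do not match the logged action name `indices:data/write/bulk[s]`, so no entry grants the request.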