Unable to restore an ElasticSearch snapshot with Security Error

Hello,

I’m using ElasticSearch 6.7.2 with Search Guard and Google Cloud Storage Repository Plugin (https://www.elastic.co/guide/en/elasticsearch/plugins/master/repository-gcs.html#repository-gcs) using Google Cloud Storage as a repository for my Snapshots.

I can create the Snapshots without any problem. They doesn’t contains the searchguard index and I set “include_global_state” parameter as false.

But I cannot restore any of my snapshots. When I try, I get the error:

{
“error”: {
“root_cause”: [
{
“type”: “security_exception”,
“reason”: “no permissions for and User [name=admin, roles=[admin], requestedTenant=null]”
}
],
“type”: “security_exception”,
“reason”: “no permissions for and User [name=admin, roles=[admin], requestedTenant=null]”
},
“status”: 403
}

As you can see, I’m using the admin user for test the request, and I keep the defaults roles.

The cluster logs:

[2019-05-27T21:01:24,056][WARN ][c.f.s.p.SnapshotRestoreEvaluator] [node_hot_1] cluster:admin/snapshot/restore is not allowed for a regular user

Has any Search Guard configuration I must set to work with _restore API?

For SG6, you need to set:

searchguard.enable_snapshot_restore_privilege: true

in elasticsearch.yml.

This has been changed in SG7 where “true” is now the default.

Now are working fine. Thanks you.