Reputation: 3056
I'm running into the weirdest permission issue for _msearch.
When running simple _search with the same query, everything runs perfectly.
POST /job/_search
{"query":{"bool":{"must":[{"bool":{"must":{"bool":{"should":[{"multi_match":{"query":"s","fields":["title"],"type":"best_fields","operator":"or","fuzziness":2}},{"multi_match":{"query":"s","fields":["title"],"type":"phrase","operator":"or"}},{"multi_match":{"query":"s","fields":["title"],"type":"phrase_prefix","operator":"or"}}],"minimum_should_match":"1"}}}}]}},"size":10,"_source":{"includes":["*"],"excludes":[]}}
When running it with _msearch I get the permission error
POST /job/_msearch
{}
{"query":{"bool":{"must":[{"bool":{"must":{"bool":{"should":[{"multi_match":{"query":"s","fields":["title"],"type":"best_fields","operator":"or","fuzziness":2}},{"multi_match":{"query":"s","fields":["title"],"type":"phrase","operator":"or"}},{"multi_match":{"query":"s","fields":["title"],"type":"phrase_prefix","operator":"or"}}],"minimum_should_match":"1"}}}}]}},"size":10,"_source":{"includes":["*"],"excludes":[]}}
{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "no permissions for [indices:data/read/msearch] and User [name=public_api, backend_roles=[], requestedTenant=null]"
      }
    ],
    "type": "security_exception",
    "reason": "no permissions for [indices:data/read/msearch] and User [name=public_api, backend_roles=[], requestedTenant=null]"
  },
  "status": 403
}
Here are my permissions in Kibana:
I am running an OpenDistro in AWS ElasticSearch Service.
Upvotes: 13
Views: 28362
Reputation: 31
Based on the answer from @Bolein95, which works perfectly, if anyone is looking for Terraform Permissions, you could add the following Cluster Permissions:
cluster_permissions = ["indices:data/read*", "indices:admin/mappings/fields/get*"]
Upvotes: 0
Reputation: 5512
I have solved the above permission problem using the following steps:
Kibana using admin or user with higher privileges
Click security option
Click roles option and then select the desired role for your user based on your requirement. In my case, the user requires all access so selected all_access role
Click Mapped users then click Manage mapping option.
In the Users section type/paste the IAM-arn/internal-user and then press enter
Finally, click the map
That's all, the user will be mapped to the role and corresponding permissions, thereafter you will not face the permission issue mentioned in the question.
Upvotes: 16
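Added example, not part of any post above: a simplified Python model of the role check. It shows why _search passes while _msearch returns 403, and compares a role that adds only the denied action with the Terraform patterns and with a wildcard role like all_access. The role bodies are constructed. Treating `indices:data/read/msearch` as a cluster-level action is an assumption taken from where the Terraform answer places its read pattern, and the real plugin evaluates more than this model does.

```python
from fnmatch import fnmatchcase

SEARCH = "indices:data/read/search"
MSEARCH = "indices:data/read/msearch"
# Assumption: multi-request actions are checked against cluster_permissions,
# which is where the Terraform answer above places its read pattern.
CLUSTER_LEVEL = {MSEARCH, "indices:data/read/mget"}

def role(cluster, index_patterns, actions):
    """Build a role body in the cluster_permissions / index_permissions shape."""
    return {"cluster_permissions": cluster,
            "index_permissions": [{"index_patterns": index_patterns,
                                   "allowed_actions": actions}]}

# Constructed roles for the public_api user (not taken from the question).
SEARCH_ONLY = role([], ["job"], [SEARCH])        # reproduces the 403
SCOPED = role([MSEARCH], ["job"], [SEARCH])      # adds only the denied action
TERRAFORM = role(["indices:data/read*", "indices:admin/mappings/fields/get*"],
                 ["job"], [SEARCH])              # cluster patterns from the answer
ALL_ACCESS = role(["*"], ["*"], ["*"])           # assumed shape of a wildcard role

def matches(patterns, value):
    """Wildcard match of one action or index name against a pattern list."""
    return any(fnmatchcase(value, p) for p in patterns)

def allowed(r, action, index):
    """True if role r permits action, at cluster or index level as appropriate."""
    if action in CLUSTER_LEVEL:
        return matches(r["cluster_permissions"], action)
    return any(matches(p["index_patterns"], index) and
               matches(p["allowed_actions"], action)
               for p in r["index_permissions"])

def msearch_allowed(r, indices):
    """_msearch: cluster-level msearch action, then search on every target index."""
    return allowed(r, MSEARCH, None) and all(allowed(r, SEARCH, i) for i in indices)

def report(r, index="job"):
    """Summarise what a role permits, including actions the API user never needs."""
    probes = [SEARCH, "indices:data/write/index", "indices:admin/delete"]
    out = {a: allowed(r, a, index) for a in probes}
    out["_msearch"] = msearch_allowed(r, [index])
    return out

if __name__ == "__main__":
    for name in ("SEARCH_ONLY", "SCOPED", "TERRAFORM", "ALL_ACCESS"):
        print(name, report(globals()[name]))
```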