403 ERROR on upgrade assistance for Elasticsearch


I have admin access to Elasticsearch/Kibana on our cluster but, when I open the upgrade assistance to look for issues for upgrading from ES 7 to 8, I see a “403 - Forbidden by ReadonlyREST plugin”.This is the log entry that shows up in the ES logs

FORBIDDEN by default req={ ID:716361934-1954696342#236675345, TYP:GetFeatureUpgradeStatusRequest, CGR:N/A, USR:aniket.sheth (attempted), BRS:true, KDX:null, ACT:cluster:admin/migration/get_system_feature, OA:, XFF:, DA:, IDX:<N/A>, MET:GET, PTH:/_migration/system_features, CNT:<N/A>, HDR:Accept-Charset=utf-8, Authorization=<OMITTED>, Host=<REDACTED>:9200, connection=close, content-length=0, user-agent=elasticsearch-js/7.16.0-canary.7 (linux 3.10.0-1160.66.1.el7.x86_64-x64; Node.js v16.14.2), x-elastic-client-meta=es=7.16.0p,js=16.14.2,t=7.16.0p,hc=16.14.2, x-elastic-product-origin=kibana, x-forwarded-for=, x-opaque-id=4f47b70b-857b-4f31-bd23-49986b3d8d04, x-ror-kibana-request-method=get, x-ror-kibana-request-path=/s/default/api/upgrade_assistant/es_deprecations,

Is there something that I am missing? as an admin, I should have access to all of the apis, right? Any help will be much appreciated.


do you see anything suspected in ES logs (warn/error logs)?
And it looks like the log you showed is truncated. Could you please show the whole log please?

BTW In the meantime @Dzuming fixed that ugly line-wrap that splits the “ReadonlyRES” + “T”. :+1: