Hello, using ES 5.5.0 and ROR 1.16.8, my administrative user which has full access to do everything has no access to the _cat/aliases endpoint
Previously, my administrator block looked like this:
- name: "Administrator access" proxy_auth: ["administrator"] kibana_access: admin actions: ["*"]
And I was getting the error
[2017-07-31T23:56:47,353][INFO ][o.e.p.r.a.ACL ] FORBIDDEN by default req={ ID:1953456960-1763679816#20808382, TYP:GetAliasesRequest, USR:administrator, BRS:false, ACT (idea) indices:admin/aliases/get, OA:127.0.0.1, IDX:, MET:GET, PTH:/_cat/aliases, CNT :<OMITTED, LENGTH=0>, HDR:connection,content-length,host,x-forwarded-for,x-forwarded-host,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[Administrator access->[kibana_access->false, proxy_auth->true]] }
And receiving the permission denied message.
I saw the “indices:admin/aliases/get” as the action, so I tried explicitly adding it to my block
Now my block looks like this
- name: "Administrator access" proxy_auth: ["administrator"] kibana_access: admin actions: ["*", "indices:admin/*", "indices:admin/aliases/get"]
And I am still getting the error:
[2017-08-01T00:02:27,607][INFO ][o.e.p.r.a.ACL ] FORBIDDEN by default req={ ID:1296547691-1762772625#1511, TYP:GetAliasesRequest, USR:administrator, BRS:false, ACT:indices:admin/aliases/get, OA:127.0.0.1, IDX:, MET:GET, PTH:/_cat/aliases, CNT:<OMITTED, LENGTH=0>, HDR:connection,content-length,host,x-forwarded-for,x-forwarded-host,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS: [Administrator access->[kibana_access->false, proxy_auth->true]] }
Any ideas?
Thanks!