Questions about /_cat/... permissions

alonzo · May 16, 2019, 11:38am

Hi,

we have one of our users which have only access to ROR indices .
if this user needs to run /_cat/indices or /_cat/shards for example , he gets only the results which related to readonlyrest indices .
if this user needs to get the output of all indices will I need to add read permissions for “*” or there is something else I can set ?
this user doesn’t need to see the indexes data but need to see the full output of /_cat/indices and other /_cat commands .

thanks

sscarduzio · May 16, 2019, 5:57pm

If there is no restriction on indices for this user, let’s not have the indices rule at all. Maybe just the actions rule. See the ROR log lines to identify the correct action strings (“ACT” field).

sanderson · November 6, 2019, 4:20pm

@sscarduzio I’m experiencing a similar problem, I receive no output when I run GET /_cat/indices. However, I do see output from GET _cat/shards/. This user should have no restrictions. I’ve tried removing the indices and actions rules. I’ve also tried using “*” for both. I’m running ES 5.6.16.

Thank you

coutoPL · November 6, 2019, 6:20pm

please, try to use this build:

https://readonlyrest-data.s3-eu-west-1.amazonaws.com/build/1.18.9-pre1/readonlyrest-1.18.9-pre1_es5.6.16.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA5SJIWBO54AGBERLX/20191106/eu-west-1/s3/aws4_request&X-Amz-Date=20191106T182024Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=733d209262c40401f3dee457f8981e21f2197ff168d85e58c30481f1238dabd8

sanderson · November 6, 2019, 10:12pm

@coutoPL Yes that worked!! Is there a bug in the public release?

coutoPL · November 8, 2019, 3:50pm

yes, in 1.18.8. We’ll release 1.18.9 with fix soon