Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Confusing index template permissions level #1432

Closed
davidshtian opened this issue Aug 25, 2021 · 4 comments
Closed

[BUG] Confusing index template permissions level #1432

davidshtian opened this issue Aug 25, 2021 · 4 comments
Labels
bug Something isn't working triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@davidshtian
Copy link

Describe the bug
Try to add index template to role and map to a user, due to official Access Control Permissions docs, I tried to add index permission to the role.

For the new [index template] (https://www.elastic.co/guide/en/elasticsearch/reference/current/index-templates.html#index-templates), the setting "indices:admin/index_template/get" (also this permission is not included in Access Control Permissions docs) is okay.

However, for the legacy template, the setting "indices:admin/template/get" is not working, and I need to add this permission to cluster level permissions, and it works.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'Security/Roles'
  2. Click on 'Create role'
  3. Add permission "indices:admin/template/get" to Index permissions
  4. See error below:
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "no permissions for [indices:admin/template/delete] and User [name=template, backend_roles=[], requestedTenant=__user__]"
      }
    ],
    "type" : "security_exception",
    "reason" : "no permissions for [indices:admin/template/delete] and User [name=template, backend_roles=[], requestedTenant=__user__]"
  },
  "status" : 403
}
  1. Add permission "indices:admin/template/get" to Cluster permissions, and the query executed successfully.

Expected behavior
Modify the "indices:admin/index_template/get" permission to index level as its name showed.

Plugins
Security plugin.

Screenshots
Not working setting:
image
Working setting:
image

Host/Environment (please complete the following information):

  • OS: Amazon Linux release 2
  • Version 1.0.0

Additional context
N/A
@davidshtian
Copy link
Author

Additional Info - kind of similar issue here Indices:admin/template/put is a “cluster” action?

@CEHENKLE CEHENKLE transferred this issue from opensearch-project/OpenSearch Aug 31, 2021
@CEHENKLE
Copy link
Member

Transferring issue to security plugin in. Please let me know (@) if this is the wrong location. Thanks!

@davidlago davidlago added the bug Something isn't working label Nov 3, 2021
@davidlago davidlago added the triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. label Oct 10, 2022
@stephen-crawford
Copy link
Contributor

[Triage] @cwperks could you take a minute to review this when you get a chance. Thank you.

@cwperks
Copy link
Member

cwperks commented Feb 27, 2023

Closing this issue as there is a related issues in dashboards to solve this problem with UX:

There is a related PR in the security-dashboards-plugin to add all actions to the dropdowns:

@cwperks cwperks closed this as completed Feb 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@davidlago @davidshtian @cwperks @stephen-crawford @CEHENKLE