ElasticSearch7.4 开启用户读写索引权限

在之前的<<ElasticSearch 7.4集群部署 启用x-pack验证 Kibana7.4用户管理>>,新建一个没有superuser权限的用户之后,发现该用户没有写入索引的权限功能

一.分析异常

elasticsearch.exceptions.AuthorizationException: AuthorizationException(403, ‘security_exception’, ‘action [indices:admin/create] is unauthorized for user [新建的用户]’)

二.利用谷歌

https://discuss.elastic.co/t/403-exception-when-trying-to-write-to-elasticsearch-using-elasticsearchsink/61317 https://www.elastic.co/guide/en/x-pack/6.2/security-getting-started.html 参考官网权限说明并在elastic超级用户的身份下新增相应的权限用户 https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html

三.开启相应的权限

# 开启访问所有index的权限 POST /_security/role/your_authorization_name { "indices" : [ { "names" : [ "*" ], "privileges" : [ "all" ] } ] } # 查看相应的权限 GET /_security/role/your_authorization_name

在kibana后台给相应的用户添加权限名