Authorization denial errors are not actionable #42166

Open
tvernum opened this issue May 16, 2019 · 1 comment

@tvernum
Contributor

commented May 16, 2019

The access denied error message is:

action [{}] is unauthorized for user [{}]

This has a few problems:

  1. In the case of an index level action, it doesn't tell you which index was denied.
  2. It doesn't list the user's roles.
  3. We discourage security administrators from assigning raw actions to roles, but that is the only information that is provided in the error.

When users run into these errors they aren't being given enough information to be able to solve the problem. We need to be more explicit about exactly what was rejected and the options to resolve it.

One idea was to include a list of the cluster/index privileges that would grant this action (perhaps roughly sorted from least-privilege to most-privileged).
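The idea in the issue above, sketched as an added example (not Elasticsearch code and not part of the original issue): a denial message that names the index, the user's roles, and the privileges that would grant the action, least-privileged first. The privilege tables and the function names `granting_privileges` and `denial_message` are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed, simplified tables: privilege name -> action patterns it grants,
# listed from least to most privileged. Not the product's real mapping.
INDEX_PRIVILEGES = [
    ("read", ["indices:data/read/*"]),
    ("index", ["indices:data/write/index*", "indices:data/write/bulk*"]),
    ("write", ["indices:data/write/*"]),
    ("manage", ["indices:monitor/*", "indices:admin/*"]),
    ("all", ["indices:*"]),
]
CLUSTER_PRIVILEGES = [
    ("monitor", ["cluster:monitor/*"]),
    ("manage", ["cluster:monitor/*", "cluster:admin/*"]),
    ("all", ["cluster:*"]),
]


def granting_privileges(action):
    """Return (scope, privilege names that would grant `action`), least first."""
    is_index = action.startswith("indices:")
    table = INDEX_PRIVILEGES if is_index else CLUSTER_PRIVILEGES
    names = [name for name, patterns in table
             if any(fnmatchcase(action, p) for p in patterns)]
    return ("index" if is_index else "cluster"), names


def denial_message(action, user, roles, requested_indices=()):
    """Build a denial message an administrator can act on."""
    scope, names = granting_privileges(action)
    msg = f"action [{action}] is unauthorized for user [{user}]"
    if roles:
        msg += f" with roles [{','.join(sorted(roles))}]"
    else:
        msg += " with no assigned roles"
    # Only echo index names the request itself supplied, so the message does
    # not reveal the existence of indices the user has no access to.
    if scope == "index" and requested_indices:
        msg += f" on indices [{','.join(sorted(requested_indices))}]"
    if names:
        msg += (f"; this action is granted by the {scope} privileges "
                f"[{','.join(names)}]")
    return msg


if __name__ == "__main__":
    # Constructed sample request.
    print(denial_message("indices:data/write/index", "alice",
                         ["logs_reader"], ["logs-2019"]))
```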
