在之前的<<ElasticSearch 7.4集羣部署 啓用x-pack驗證 Kibana7.4用戶管理>>,新建一個沒有superuser權限的用戶之後,發現該用戶沒有寫入索引的權限功能
一.分析異常
elasticsearch.exceptions.AuthorizationException: AuthorizationException(403, ‘security_exception’, ‘action [indices:admin/create] is unauthorized for user [新建的用戶]’)
二.利用谷歌
https://discuss.elastic.co/t/403-exception-when-trying-to-write-to-elasticsearch-using-elasticsearchsink/61317
https://www.elastic.co/guide/en/x-pack/6.2/security-getting-started.html
參考官網權限說明並在elastic超級用戶的身份下新增相應的權限用戶
https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html
三.開啓相應的權限
# 開啓訪問所有index的權限
POST /_security/role/your_authorization_name
{
"indices" : [
{
"names" : [ "*" ],
"privileges" : [ "all" ]
}
]
}
# 查看相應的權限
GET /_security/role/your_authorization_name
在kibana後臺給相應的用戶添加權限名