ElasticSearch7.4 開啓用戶讀寫索引權限

在之前的<<ElasticSearch 7.4集羣部署 啓用x-pack驗證 Kibana7.4用戶管理>>,新建一個沒有superuser權限的用戶之後,發現該用戶沒有寫入索引的權限功能

一.分析異常

elasticsearch.exceptions.AuthorizationException: AuthorizationException(403, ‘security_exception’, ‘action [indices:admin/create] is unauthorized for user [新建的用戶]’)

二.利用谷歌

https://discuss.elastic.co/t/403-exception-when-trying-to-write-to-elasticsearch-using-elasticsearchsink/61317

https://www.elastic.co/guide/en/x-pack/6.2/security-getting-started.html

參考官網權限說明並在elastic超級用戶的身份下新增相應的權限用戶
https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html

三.開啓相應的權限

# 開啓訪問所有index的權限
POST /_security/role/your_authorization_name
{
  "indices" : [
    {
      "names" : [ "*" ],
      "privileges" : [ "all" ]
    }
  ]
}

# 查看相應的權限
GET /_security/role/your_authorization_name

在kibana後臺給相應的用戶添加權限名