Denying access as action is not an index or cluster action – How to solve this Elasticsearch error

Opster Team

Aug-23, Version: 6.8-8.9

Briefly, this error occurs when a user tries to perform an action that is not permitted by Elasticsearch’s security settings. This could be due to the user not having the necessary permissions or the action being outside the scope of index or cluster actions. To resolve this issue, you can either grant the necessary permissions to the user or ensure that the action being performed is within the allowed index or cluster actions. Alternatively, you can disable the security settings if they are not required, but this should be done with caution as it can expose your Elasticsearch to potential threats.

This guide will help you check for common problems that cause the log ” denying access as action [{}] is not an index or cluster action ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin, index, cluster.

Log Context

Log “denying access as action [{}] is not an index or cluster action” classname is AuthorizationService.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

                    );
                    threadContext
                )
            );
        } else {
            logger.warn("denying access as action [{}] is not an index or cluster action"; action);
            auditTrail.accessDenied(requestId; authentication; action; request; authzInfo);
            listener.onFailure(actionDenied(authentication; authzInfo; action; request));
        }
    }

 

 [ratemypost]