Transport run as denied t roles= action= request= – How to solve this Elasticsearch error

Opster Team

Aug-23, Version: 6.8-6.8

Before you dig into reading this guide, have you tried asking OpsGPT what this log means? You’ll receive a customized analysis of your log.

Try OpsGPT now for step-by-step guidance and tailored insights into your Elasticsearch operation.

Briefly, this error occurs when a user or client tries to perform an action on Elasticsearch that they don’t have the necessary permissions for. This is related to Elasticsearch’s role-based access control (RBAC) system. To resolve this issue, you can either grant the necessary permissions to the user or role, or perform the action with a user or role that already has the necessary permissions. Alternatively, you can disable the RBAC system, but this is not recommended due to security concerns.

For a complete solution to your to your search operation, try for free AutoOps for Elasticsearch & OpenSearch . With AutoOps and Opster’s proactive support, you don’t have to worry about your search operation – we take charge of it. Get improved performance & stability with less hardware.

This guide will help you check for common problems that cause the log ” {}[transport] [run_as_denied]\t{}; {}; roles=[{}]; action=[{}]; request=[{}]{} ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.

Log Context

Log “{}[transport] [run_as_denied]\t{}; {}; roles=[{}]; action=[{}]; request=[{}]{}” classname is DeprecatedLoggingAuditTrail.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

                    logger.info("{}[transport] [run_as_denied]\t{}; {}; roles=[{}]; action=[{}]; indices=[{}]; request=[{}]{}";
                            localNodeInfo.prefix; originAttributes(threadContext; message; localNodeInfo); runAsSubject(authentication);
                            arrayToCommaDelimitedString(roleNames); action; arrayToCommaDelimitedString(indices.get());
                            message.getClass().getSimpleName(); opaqueId());
                } else {
                    logger.info("{}[transport] [run_as_denied]\t{}; {}; roles=[{}]; action=[{}]; request=[{}]{}"; localNodeInfo.prefix;
                            originAttributes(threadContext; message; localNodeInfo); runAsSubject(authentication);
                            arrayToCommaDelimitedString(roleNames); action; message.getClass().getSimpleName(); opaqueId());
                }
            }
        }

 

How helpful was this guide?

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?