Log Role is reserved. the relevant role definition in the mapping file will be ignored – How To Solve Related Issues


Log Role is reserved. the relevant role definition in the mapping file will be ignored – How To Solve Related Issues

Opster Team

Jan-20, Version: 1.7-8.0

 

Before you begin reading this guide, we recommend you try running the Elasticsearch Error Check-Up which can resolve issues that cause many errors.

This guide will help you check for common problems that cause the log ” Role is reserved. the relevant role definition in the mapping file will be ignored ” to appear. It’s important to understand the issues related to the log, so to get started, read the general overview on common issues and tips related to the Elasticsearch concepts: discovery-file and plugin.

Advanced users might want to skip right to the common problems section in each concept or try running the Check-Up which analyses ES to pinpoint the cause of many errors and provides suitable actionable recommendations how to resolve them (free tool that requires no installation).

Log context

Log “Role [{}] is reserved. the relevant role definition in the mapping file will be ignored” classname is FileRolesStore.java
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

                 final boolean flsDlsLicensed = licenseState.isDocumentAndFieldLevelSecurityAllowed();
                for (String segment : roleSegments) {
                    RoleDescriptor descriptor = parseRoleDescriptor(segment; path; logger; resolvePermission; settings);
                    if (descriptor != null) {
                        if (ReservedRolesStore.isReserved(descriptor.getName())) {
                            logger.warn("role [{}] is reserved. the relevant role definition in the mapping file will be ignored";
                                    descriptor.getName());
                        } else if (flsDlsLicensed == false && descriptor.isUsingDocumentOrFieldLevelSecurity()) {
                            logger.warn("role [{}] uses document and/or field level security; which is not enabled by the current license" +
                                    ". this role will be ignored"; descriptor.getName());
                            // we still put the role in the map to avoid unnecessary negative lookups




 

Optimize Elasticsearch Performance

Try The Tool