Elasticsearch version (bin/elasticsearch --version): 7.0.0-SNAPSHOT
Description of the problem including expected versus actual behavior:
When calling _cat/indices with no index list, indices for which the user does not have privileges simply omit the docs count and storage size information. However, calling the same API with an index for which the user does not have privileges (_cat/indices/index_you_cant_see_info_for) returns a 403 error:
{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "action [indices:monitor/stats] is unauthorized for user [billy]"
}
],
"type": "security_exception",
"reason": "action [indices:monitor/stats] is unauthorized for user [billy]"
},
"status": 403
}
I think the API should behave the same in either case, just return the data without storage size and docs count.
Elasticsearch version (
bin/elasticsearch --version): 7.0.0-SNAPSHOTDescription of the problem including expected versus actual behavior:
When calling
_cat/indiceswith no index list, indices for which the user does not have privileges simply omit the docs count and storage size information. However, calling the same API with an index for which the user does not have privileges (_cat/indices/index_you_cant_see_info_for) returns a 403 error:I think the API should behave the same in either case, just return the data without storage size and docs count.