Skip to content
Unverified Commit fa9c4bb7 authored by Tim Vernum's avatar Tim Vernum Committed by GitHub
Browse files

Fix identification of action type in error message (#68260) 

Some actions that start with "indices:" are actually handled by
cluster privileges in ES security (e.g. indices:admin/template/*)
In #60357 and #66900 we added better context information for the
error messages that are generated when an action is denied, but the
generation of that message did not correctly classify actions between
cluster and index level privileges.

This change does 2 things:
1. It fixes the code that determines whether an action is handled by a
   cluster privilege or an index privilege
2. Includes the words "cluster" and "index" in the error message so
   that classification is clear to the reader

The latter change is not directly related to the issue being resolved,
but in the course of fixing the issue it became evident that the
message lacked clarity because it did not tell the reader what type of
privilege would be needed to resolve the access denied issue.

Resolves: #68144
parent a92a647b
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment