Briefly, this error occurs when a user tries to perform an action that is not allowed by the current Elasticsearch workflow. This could be due to insufficient permissions or a misconfigured workflow. To resolve this issue, you can check the user’s permissions and ensure they have the necessary rights to perform the action. Alternatively, you can review the workflow configuration to ensure it is set up correctly. If the error persists, you may need to consult with your system administrator or the person responsible for managing your Elasticsearch workflows.
This guide will help you check for common problems that cause the log ” access restricted by workflow ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “access restricted by workflow” class name is RBACEngine.java. We extracted the following from Elasticsearch source code for those seeking an in-depth context :
@Override public void resolveAuthorizationInfo(RequestInfo requestInfo; ActionListenerlistener) { final Authentication authentication = requestInfo.getAuthentication(); rolesStore.getRoles(authentication; listener.delegateFailureAndWrap((l; roleTuple) -> { if (roleTuple.v1() == Role.EMPTY_RESTRICTED_BY_WORKFLOW || roleTuple.v2() == Role.EMPTY_RESTRICTED_BY_WORKFLOW) { l.onFailure(new ElasticsearchRoleRestrictionException("access restricted by workflow")); } else { l.onResponse(new RBACAuthorizationInfo(roleTuple.v1(); roleTuple.v2())); } })); }