Briefly, this error occurs when a user or role with specific permissions makes a request to Elasticsearch indices. The message indicates that the request has been granted, meaning the user or role has the necessary permissions to perform the requested action. If this is unexpected, it could indicate a misconfiguration of roles or permissions. To resolve this, you should review your Elasticsearch security settings, specifically roles and permissions. Ensure that only the appropriate users or roles have access to perform certain actions on your indices.
This guide will help you check for common problems that cause the log ” {}[transport] [access_granted]\t{}; {}; roles=[{}]; action=[{}]; indices=[{}]; request=[{}]{} ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “{}[transport] [access_granted]\t{}; {}; roles=[{}]; action=[{}]; indices=[{}]; request=[{}]{}” classname is DeprecatedLoggingAuditTrail.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
if (eventFilterPolicyRegistry.ignorePredicate().test(new AuditEventMetaInfo(Optional.of(user);
Optional.of(effectiveRealmName(authentication)); Optional.of(authorizationInfo); indices)) == false) {
final LocalNodeInfo localNodeInfo = this.localNodeInfo;
final String[] roleNames = (String[]) authorizationInfo.asMap().get(LoggingAuditTrail.PRINCIPAL_ROLES_FIELD_NAME);
if (indices.isPresent()) {
logger.info("{}[transport] [access_granted]\t{}; {}; roles=[{}]; action=[{}]; indices=[{}]; request=[{}]{}";
localNodeInfo.prefix; originAttributes(threadContext; message; localNodeInfo); subject(authentication);
arrayToCommaDelimitedString(roleNames); action; arrayToCommaDelimitedString(indices.get());
message.getClass().getSimpleName(); opaqueId());
} else {
logger.info("{}[transport] [access_granted]\t{}; {}; roles=[{}]; action=[{}]; request=[{}]{}"; localNodeInfo.prefix;
