Briefly, this error occurs when a user or role with specific permissions attempts to perform an action on Elasticsearch. The message indicates that the action request has been granted. It’s not an error, but an informational message. If you’re seeing this unexpectedly, it could mean that a user or role has been granted more permissions than intended. To resolve this, review and adjust the roles and permissions in your Elasticsearch security settings. Ensure that each user or role has only the necessary permissions for their tasks.
This guide will help you check for common problems that cause the log ” {}[transport] [access_granted]\t{}; {}; roles=[{}]; action=[{}]; request=[{}]{} ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “{}[transport] [access_granted]\t{}; {}; roles=[{}]; action=[{}]; request=[{}]{}” classname is DeprecatedLoggingAuditTrail.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
logger.info("{}[transport] [access_granted]\t{}; {}; roles=[{}]; action=[{}]; indices=[{}]; request=[{}]{}"; localNodeInfo.prefix; originAttributes(threadContext; message; localNodeInfo); subject(authentication); arrayToCommaDelimitedString(roleNames); action; arrayToCommaDelimitedString(indices.get()); message.getClass().getSimpleName(); opaqueId()); } else { logger.info("{}[transport] [access_granted]\t{}; {}; roles=[{}]; action=[{}]; request=[{}]{}"; localNodeInfo.prefix; originAttributes(threadContext; message; localNodeInfo); subject(authentication); arrayToCommaDelimitedString(roleNames); action; message.getClass().getSimpleName(); opaqueId()); } } }