no permissions for [indices:monitor/settings/get] and User [name=curator, roles=[], requestedTenant=

k.zhel...@sap.com

Mar 26, 2019, 11:36:48 AM
to Search Guard Community Forum
* Search Guard and Elasticsearch version: 6.5.4-oss-24.0

I have created a `curator` user for Search Guard, but when Delete Indices is running I got the following error:

Failed to complete action: delete_indices.  <class 'curator.exceptions.FailedExecution'>: Failed to get indices. Error: AuthorizationException(403, u'security_exception', u'no permissions for [indices:monitor/settings/get] and User [name=curator, roles=[], requestedTenant=null]')

sg_internal_users.yml:

curator:
  hash: password-hash

sg_roles.yml:

sg_curator:
  cluster:
  - CLUSTER_MONITOR
  - CLUSTER_COMPOSITE_OPS
  indices:
    logstash-*:
      '*':
      - DELETE
      - INDICES_MONITOR

sg_roles_mapping.yml

sg_curator:
  readall: true
  users:
  - curator

k.zhel...@sap.com

Mar 26, 2019, 11:39:58 AM
to Search Guard Community Forum
I have also tried UNLIMITED permissions, but again it did not work.

Jochen Kressin

Mar 27, 2019, 4:05:11 PM
to Search Guard Community Forum
If you get permission errors even when you assign UNLIMITED permissions, it is most probably an error with the roles mapping, i.e. the user is not mapped to the role you expect.

Please check first that your user is assigned to the correct Search Guard roles:


There's also a troubleshooting guide that helps you evaluate what permissions a user/role is missing.

This snippet here in your sg_roles_mapping.yml:

sg_curator:
  readall: true
  users:
  - curator

has two issues. "readall" is not a valid key here, I guess you mean "readonly". And, the "- curator" entry has a wrong indentation. In your snippet it is on the same level as the "users" key, but it should be indented by 2 spaces. Maybe this is the problem here?
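
A static check of a roles mapping file for the two points raised in this reply, unknown keys under a role and which roles list a given user, as an added example that is not part of the thread or of Search Guard's own tooling. The `KNOWN_KEYS` set is an assumption about Search Guard 6 roles-mapping keys, the reader handles only this flat layout, and it inspects the file only, not what the cluster has loaded.

```python
import re

# Assumption: keys accepted under a role in a Search Guard 6 roles mapping;
# check the documentation for your version.
KNOWN_KEYS = {"users", "backendroles", "hosts", "and_backendroles",
              "readonly", "hidden"}

# Sample input: the mapping as posted in the thread.
SAMPLE = """\
sg_curator:
  readall: true
  users:
  - curator
"""

def parse_mapping(text):
    """Read the flat role -> key -> scalar/list layout of a roles mapping.
    Minimal reader for this layout only, not a general YAML parser."""
    roles, role, key = {}, None, None
    for raw in text.splitlines():
        body = raw.split(" #")[0].strip()
        if not body or body.startswith("#"):
            continue
        top_level = not raw[0].isspace()
        if body.startswith("- "):
            if key is None:
                raise ValueError("list item without a list key: %r" % raw)
            roles[role][key].append(body[2:].strip().strip("'\""))
            continue
        m = re.match(r"([^:]+):\s*(.*)$", body)
        if m is None or (role is None and not top_level):
            raise ValueError("cannot parse line: %r" % raw)
        name, value = m.group(1).strip(), m.group(2)
        if top_level:
            role, key = name, None
            roles[role] = {}
        elif value:
            roles[role][name], key = value, None   # scalar, e.g. readonly: true
        else:
            roles[role][name], key = [], name      # list follows on next lines
    return roles

def unknown_keys(roles):
    """(role, key) pairs whose key is not in KNOWN_KEYS."""
    return [(r, k) for r, keys in roles.items() for k in keys
            if k not in KNOWN_KEYS]

def roles_for_user(roles, user):
    """Roles whose 'users' list names this user."""
    return sorted(r for r, keys in roles.items()
                  if isinstance(keys.get("users"), list) and user in keys["users"])
```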