Not a bug Action [indices:admin/create] is unauthorized for user

Affected version
2.0.0 Beta 1


Well-known member
If we use authorization and to prevent inaccuracy in the data for authorization then get the error
XFES\Elasticsearch\RequestException: action [indices:admin/create] is unauthorized for user [my_user] src/addons/XFES/Elasticsearch/Api.php:367
#0 /var/www/addons/XFES/Elasticsearch/Api.php(279): XFES\Elasticsearch\Api->request('put', 'xf_db', '{\n    "settings...')
#1 /var/www/addons/XFES/Service/Optimizer.php(87): XFES\Elasticsearch\Api->createIndex(Array)
#2 /var/www/addons/XFES/Service/Configurer.php(67): XFES\Service\Optimizer->optimize(Array)
#3 /var/www/src/addons/XFES/Admin/Controller/EnhancedSearch.php(120): XFES\Service\Configurer->initializeIndex(Array)
#4 /var/www/XF/Mvc/Dispatcher.php(232): XFES\Admin\Controller\EnhancedSearch->actionSetup(Object(XF\Mvc\ParameterBag))
#5 /var/www/XF/Mvc/Dispatcher.php(85): XF\Mvc\Dispatcher->dispatchClass('XFES:EnhancedSe...', 'Setup', 'html', Object(XF\Mvc\ParameterBag), 'xfes')
#6 /var/www/XF/Mvc/Dispatcher.php(41): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#7 /var/www/src/XF/App.php(1771): XF\Mvc\Dispatcher->run()
#8 /var/www//src/XF.php(319): XF\App->run()
#9 /var/www/admin.php(13): XF::runApp('XF\\Admin\\App')
#10 {main}
Would like to prevent this behavior and to see the normal error notification


XenForo developer
Staff member
Well you're requesting an action that requires you have permissions to create an index and you don't have that permission. I don't think an exception is really unreasonable here. The same thing would happen if you were installing or upgrading XF and didn't have permissions in MySQL.

Similar to MySQL, locking down permissions in ES would be an advanced feature so you would generally be responsible for ensuring that you have the permissions necessary for the actions you're trying to take.