@@ -173,23 +173,29 @@ protected void masterOperation(Request request, ClusterState clusterState, Actio
173173 // Early check to verify that the user can create the destination index and can read from the source
174174 if (licenseState .isAuthAllowed ()) {
175175 final String username = securityContext .getUser ().principal ();
176- RoleDescriptor .IndicesPrivileges sourceIndexPrivileges = RoleDescriptor .IndicesPrivileges .builder ()
177- .indices (config .getSource ().getIndex ())
178- .privileges ("read" )
179- .build ();
176+ List <String > srcPrivileges = new ArrayList <>(2 );
177+ srcPrivileges .add ("read" );
178+
180179 List <String > destPrivileges = new ArrayList <>(3 );
181180 destPrivileges .add ("read" );
182181 destPrivileges .add ("index" );
183182 // If the destination index does not exist, we can assume that we may have to create it on start.
184183 // We should check that the creating user has the privileges to create the index.
185184 if (concreteDest .length == 0 ) {
186185 destPrivileges .add ("create_index" );
186+ // We need to read the source indices mapping to deduce the destination mapping
187+ srcPrivileges .add ("view_index_metadata" );
187188 }
188189 RoleDescriptor .IndicesPrivileges destIndexPrivileges = RoleDescriptor .IndicesPrivileges .builder ()
189190 .indices (destIndex )
190191 .privileges (destPrivileges )
191192 .build ();
192193
194+ RoleDescriptor .IndicesPrivileges sourceIndexPrivileges = RoleDescriptor .IndicesPrivileges .builder ()
195+ .indices (config .getSource ().getIndex ())
196+ .privileges (srcPrivileges )
197+ .build ();
198+
193199 HasPrivilegesRequest privRequest = new HasPrivilegesRequest ();
194200 privRequest .applicationPrivileges (new RoleDescriptor .ApplicationResourcePrivileges [0 ]);
195201 privRequest .username (username );
0 commit comments