access constraint to auth and security index

[tumeteor]

Hi,
we tried to put a secondary security level on top of this plugin, more specifically, we put the access constraints to the auth and security indexes. So that we can control that no normal user can touch the security part. However, now we got the permission deny for all the writing access.
Maybe its the default thing that auth and security indexes are protected from 'user' role and we did the redundant thing that we shouldnt?

Thanks,

[marevol]

Could you give me steps(ex. curl commands) to reproduce it?

[tumeteor]

yes, we put this constraint on the auth index:

curl -XPOST 'localhost:9200/security/constraint/' -d "{
"authenticator" : "index",
"paths" : ["/auth"],
"methods" : ["get", "post"],
"roles" : ["admin"]
}"
but then we got permission denied for any auth access even when we log in as 'admin' role.

[rjoberon]

I wonder what the general procedure is to protect the authentication index? It clearly is not desirable to allow users to access the index, so is the procedure described above the way to go?