diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/RoleDescriptor.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/RoleDescriptor.java index 9ab3dd6f329..46cfa97c6aa 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/RoleDescriptor.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/RoleDescriptor.java @@ -235,10 +235,6 @@ public class RoleDescriptor implements ToXContent { } } else if (ParseFieldMatcher.STRICT.match(currentFieldName, Fields.PRIVILEGES)) { privileges = readStringArray(roleName, parser, true); - if (names.length == 0) { - throw new ElasticsearchParseException("failed to parse indices privileges for role [{}]. [{}] cannot be an empty " + - "array", roleName, currentFieldName); - } } else if (ParseFieldMatcher.STRICT.match(currentFieldName, Fields.FIELDS)) { fields = readStringArray(roleName, parser, true); } else { diff --git a/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/roles/10_basic.yaml b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/roles/10_basic.yaml index 6f4695a8c18..9e5898103c6 100644 --- a/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/roles/10_basic.yaml +++ b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/roles/10_basic.yaml @@ -22,6 +22,21 @@ } - match: { role: { created: true } } + - do: + xpack.security.put_role: + name: "backwards_role" + body: > + { + "cluster": ["all"], + "indices": [ + { + "privileges": ["all"], + "names": "*" + } + ] + } + - match: { role: { created: true } } + - do: xpack.security.put_user: username: "joe"