Dashboards fetches /_data_stream/**/_stats?human=true, which tries to access the security-protected index .opendistro_security. As you can see from the opensearch-node log, I have already given max permissions to admin (all_access/full_access roles with indices:monitor/data_stream/stats), but it's not enough.
{"type":"response","@timestamp":"2024-02-27T14:57:24Z","tags":[],"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/ism/apiCaller","method":"post","headers":{"host":"xxxx","content-length":"81","sec-ch-ua":"\"Not.A/Brand\";v=\"8\", \"Chromium\";v=\"114\", \"Google Chrome\";v=\"114\"","dnt":"1","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36","osd-version":"2.12.0","content-type":"application/json","osd-xsrf":"osd-fetch","sec-ch-ua-platform":"\"Windows\"","accept":"*/*","origin":"https://xxxx","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"https://xxxx/logs/app/opensearch_index_management_dashboards","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9,ru;q=0.8","x-forwarded-proto":"http","x-real-ip":"xxxx","traceparent":"00-9d2c96465d0e4df9845a46edb479e439-d7a52d99fae94c2f-03","x-forwarded-for":"xxxx"},"remoteAddress":"xxxx","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36","referer":"https://xxxx/logs/app/opensearch_index_management_dashboards"},"res":{"statusCode":200,"responseTime":39,"contentLength":9},"message":"POST /api/ism/apiCaller 200 39ms - 9.0B"}
Index Management - CommonService - apiCaller StatusCodeError: [security_exception] no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]
    at respond (/usr/share/opensearch-dashboards/node_modules/elasticsearch/src/lib/transport.js:349:15)
    at checkRespForFailure (/usr/share/opensearch-dashboards/node_modules/elasticsearch/src/lib/transport.js:306:7)
    at HttpConnector.<anonymous> (/usr/share/opensearch-dashboards/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)
    at IncomingMessage.wrapper (/usr/share/opensearch-dashboards/node_modules/lodash/lodash.js:4991:19)
    at IncomingMessage.emit (node:events:529:35)
    at IncomingMessage.emit (node:domain:489:12)
    at endReadableNT (node:internal/streams/readable:1400:12)
    at processTicksAndRejections (node:internal/process/task_queues:82:21) {
  status: 403,
  displayName: 'AuthorizationException',
  path: '/_data_stream/**/_stats?human=true',
  query: undefined,
  body: {
    error: {
      root_cause: [Array],
      type: 'security_exception',
      reason: 'no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]'
    },
    status: 403
Describe the bug
Dashboards fetches /_data_stream/**/_stats?human=true, which tries to access the security-protected index .opendistro_security. As you can see from the opensearch-node log, I have already given max permissions to admin (all_access/full_access roles with indices:monitor/data_stream/stats), but it's not enough.
OpenSearch Version 2.12.0
Dashboards Version 2.12.0
Plugins
All bundled plugins
Screenshots
OpenSearch node logs:
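Added example, not part of the original report and not code from the OpenSearch project: a small triage helper that parses the security_exception reason string quoted in the Dashboards log above and compares the denied actions with the action patterns the operator believes are granted. The function names, result labels and the second sample line are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase

# Reason string as quoted in the report above.
SAMPLE_REASON = ("no permissions for [] and User "
                 "[name=admin, backend_roles=[admin], requestedTenant=null]")

_REASON_RE = re.compile(
    r"no permissions for \[(?P<perms>[^\]]*)\] and User "
    r"\[name=(?P<name>[^,]*), backend_roles=\[(?P<roles>[^\]]*)\], "
    r"requestedTenant=(?P<tenant>[^\]]*)\]"
)


def _split(csv):
    """Split a comma-separated bracket body, dropping empty items."""
    return [item.strip() for item in csv.split(",") if item.strip()]


def parse_denial(reason):
    """Return the fields of a 403 reason string, or None if it does not match."""
    m = _REASON_RE.search(reason)
    if m is None:
        return None
    tenant = m.group("tenant")
    return {
        "missing": _split(m.group("perms")),
        "user": m.group("name"),
        "backend_roles": _split(m.group("roles")),
        "tenant": None if tenant == "null" else tenant,
    }


def triage(reason, granted_patterns):
    """Classify a denial against the action patterns believed to be granted."""
    denial = parse_denial(reason)
    if denial is None:
        return "unparsed"
    if not denial["missing"]:
        # The 403 names no action, as in the report: granting more action
        # permissions cannot be checked against anything in this message.
        return "no-action-named"
    uncovered = [p for p in denial["missing"]
                 if not any(fnmatchcase(p, g) for g in granted_patterns)]
    if uncovered:
        return "missing:" + ",".join(uncovered)
    return "granted-but-denied"
```

For the reason string in this report the result is "no-action-named", which matches the observation that adding indices:monitor/data_stream/stats to the role did not change the outcome.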