What is the bug?
I have been trying to properly scope down access to tenants with just read only access to dashboards, visualisations, and reports on specific indexes, but retain the ability to generate CSV reports on saved searches and report definitions. The base role has _cluster_composite_opsro, _opensearch_dashboards_allread, and all readonly Reporting permissions.
Reporting using OpenSearch Dashboards neither captures that indices:monitor/settings/get must be allowed on the Index permissions of the Role, nor that the Tenant Permission must be Read/Write.
Regarding the Read/Write Tenant Permission, generating a report is technically writing, but for someone just downloading a CSV of a saved search, do I have to leave the Tenant open for modification or is there another way?
What is the bug? I have been trying to properly scope down access to tenants with just read only access to dashboards, visualisations, and reports on specific indexes, but retain the ability to generate CSV reports on saved searches and report definitions. The base role has _cluster_composite_opsro, _opensearch_dashboards_allread, and all readonly Reporting permissions.
Reporting using OpenSearch Dashboards neither captures that indices:monitor/settings/get must be allowed on the Index permissions of the Role, nor that the Tenant Permission must be Read/Write.
Regarding the Read/Write Tenant Permission, generating a report is technically writing, but for someone just downloading a CSV of a saved search, do I have to leave the Tenant open for modification or is there another way?