Open ronniepg opened 2 years ago
[Triage] Thank you for filing this. We'd love to review a pull request.
[Triage] Keeping this issue in the backlog as it seems like a valid issue. A PR introducing a fix would happily be reviewed.
Issue exists in 2.9.0
What is the bug? Aliases and Rollover index APIs fail with permission denied when user role is restricted based on index pattern
How can one reproduce the bug? Steps to reproduce the behavior:
curl -XPUT https://localhost:9200/_plugins/_security/api/roles/sem-role -H 'Content-Type: application/json' -d' { "cluster_permissions": [ "cluster_monitor" ], "index_permissions": [{ "index_patterns": [ "sem*" ], "allowed_actions" : ["*"] }] } '
curl -XPUT https://localhost:9200/_plugins/_security/api/internalusers/sem-user -H 'Content-Type: application/json' -d' { "password": "######", "opendistro_security_roles": ["sem-role"] } '
curl "https://localhost:9200/_cat/aliases/sem*?pretty" -u sem-user
fails with no permissions for [indices:admin/aliases/get]
curl -u sem-user -X POST "https://localhost:9200/sem-source1/_rollover?pretty"
fails with no permissions for [indices:admin/rollover]
These APIs work fine when the index pattern on the role is changed to "*" instead of "sem*"
What is the expected behavior?
What is your host/environment? OpenSearch 1.2.4 with opensearch-security plugin enabled on OEL7
Do you have any screenshots? NA
Do you have any additional context?