search

opensearch-project / security

🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0
180 stars 264 forks source link

[BUG] DNFOF does not work for some APIs #4413

Closed derek-ho closed 3 weeks ago

derek-ho commented 3 weeks ago

What is the bug? Some APIs which DNFOF should work for do not. Namely: GET _cat/aliases

A similar issue was fixed for cat/indices here: https://github.com/opensearch-project/security/pull/3236. It seems like the initial issue also called out aliases as a bug, but that was not addressed: https://github.com/opensearch-project/security/issues/1815

How can one reproduce the bug? Create a user without access to some of the following list, would expect DNFOF setting to work, but it does not

What is the expected behavior? DNFOF should work

What is your host/environment?

Do you have any screenshots? If applicable, add screenshots to help explain your problem.

Do you have any additional context? Add any other context about the problem.

scrawfor99 commented 3 weeks ago

[Triage] Hi @derek-ho, thank you for filing this issue. This seems like a good addition based on the past discussion.