🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
What is the bug?
403 Forbidden error when attempting to open a dashboard page that performs an index search. The user has been granted read permission for this index.
How can one reproduce the bug?
Steps to reproduce the behavior:
Create index pattern: **example-***
Create dashboard that searches the index pattern **example-***
Create internal user: example_user
Map example_user to opensearch_dashboards_read_only role (Reference)
Create role example_role with following properties:
Login with example_user, attempt to access the dashboard
Error: page doesn't load
What is the expected behavior?
The user has been granted the permission, the dashboard page should load.
What is your host/environment?
OS: AWS-managed Opensearch
Version OpenSearch_2_13_R20240520-P2
Plugins: Default
Temporary solution
Grant the user read permission on the .kibana and .opensearch_dashboards index patterns.
Do you have any screenshots?
Screenshots depict a dashboard that queries the datastream demo-logs-kubernetesBefore applying temporary solution:After applying temporary solution:opensearch_dashboards_user compared to opensearch_dashboards_read_only
I would expect these permissions be granted as part of the opensearch_dashboards_read_only role
What is the bug? 403 Forbidden error when attempting to open a dashboard page that performs an index search. The user has been granted read permission for this index.
How can one reproduce the bug? Steps to reproduce the behavior:
What is the expected behavior? The user has been granted the permission, the dashboard page should load.
What is your host/environment?
Temporary solution Grant the user read permission on the .kibana and .opensearch_dashboards index patterns.
Do you have any screenshots? Screenshots depict a dashboard that queries the datastream demo-logs-kubernetes Before applying temporary solution:
After applying temporary solution:
opensearch_dashboards_user compared to opensearch_dashboards_read_only
![image](https://github.com/opensearch-project/security/assets/9630422/6d5f54d1-c6d3-4602-b0de-1d95126d18c8)
I would expect these permissions be granted as part of the opensearch_dashboards_read_only role