@Pan-Vad According to your description you’ve mapped the following roles as backend roles.
- "reports_full_access"
- "asynchronous_search_full_access"
- "kibana_user"
That won’t work. The backend role for kibana user is kibanauser instead of kibana_user.
The other 2 roles must be either mapped to the user in roles_mapping.yml or internalusers.yml as OpenSearch role.
You don’t have tenant permission but this could be due to the fact that you don’t use them. Otherwise you must include kibana_all_write permission for the tenant to enable Reporting in Discovery view.
I’ve simplified your role and assigned roles and backend roles in internalusers.yml
roles.yml
GISAP-index2:
reserved: false
hidden: false
cluster_permissions:
- "cluster_composite_ops_ro"
- "cluster_monitor"
index_permissions:
- index_patterns:
- "logs-*"
- "gtsr-syslog-*"
- "gtsr-beats-*"
fls: []
masked_fields: []
allowed_actions:
- "indices:data/read/search"
- "indices:data/read/get"
- "indices:data/read/explain"
- "indices:monitor/settings/get"
tenant_permissions:
- tenant_patterns:
- "global_tenant"
allowed_actions:
- "kibana_all_write"
static: false
internal_users.yml
pablo:
hash: "$2y$12$7Uo4/fxQQD0u1bUMficVueL/tJj4VokelQqqOEuxrNFHT7/7ajqjG"
reserved: false
hidden: false
backend_roles:
- "kibanauser"
attributes: {}
opendistro_security_roles:
- "reports_full_access"
- "asynchronous_search_full_access"
Alternatively, you can assign a user to the roles with roles_mapping.yml
asynchronous_search_full_access:
hosts: []
users:
- "pablo"
reserved: false
hidden: false
backend_roles: []
and_backend_roles: []
reports_full_access:
hosts: []
users:
- "pablo"
reserved: false
hidden: false
backend_roles: []
and_backend_roles: []
kibana_user:
hosts: []
users:
- "pablo"
reserved: false
hidden: false
backend_roles:
- "kibanauser"
and_backend_roles: []
description: "Maps kibanauser to kibana_user"