Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Opensearch 2.17.1
Describe the issue:
Can we create Read_only or design role without using custom opensearch roles? like Kibana_read_only or Kibana_user
Configuration:
I have created 2 roles
1.Advanced reader (read only)
2.Designer roles (kibana edit)
with providing below config in roles_mappings.yml
designer:
reserved: false
backend_roles:
advanced_reader:
reserved: false
backend_roles:
kibana_read_only:
reserved: false
backend_roles:
- “advanced_reader”
description: “Maps kibanauser to kibana_user”
kibana_user:
reserved: false
backend_roles:
- “designer”
description: “Maps kibanauser to kibana_user”
Relevant Logs or Screenshots:
@amolusare can you elaborate on what you want these users to be able to do/see. And do you mean you dont want to use built in roles, but instead want to use custom roles?
Hello @Anthony ,
I want to create custom read only role (which will enable only dashboard section in right side panel
and by doing this currently i have mapped this my custom role to kibana_read_only reserved role :
[
kibana_read_only:
reserved: false
backend_roles:
- “advanced_reader”
description: “Maps kibanauser to kibana_user”
]
without this in role_mapping.yml i’m not able to achive read only mode.
so i want to create separate read only role, independent on kibana_read_only role.
can we do this?
also please share roles.yml config for ‘kibana_read_only’ role
Thanks!!
@amolusare the read only roles can be configured using the following configuration in opensearch.yml file:
opensearch_security.readonly_mode.roles: [kibana_read_only]
The role itself doesnt grant permissions to individual indices, this would need to be configured using another role. When you add the new custom read only role to the above, the user will only have access to the dashboards and will only be able to see the data from indices that they have access to.
1 Like