Cluster and index permissions necessary for cross-cluster Alerting

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OpenSearch 2.17

Describe the issue:
We are not able to access cross-cluster Alerting management with any custom or reserved role except from the all_access reserved role. We would like to create a custom role that allows access to alerting including this feature.

Configuration:
Using SAML authentication for all clusters. The roles described bellow have been validated with mapped SAML groups as backend roles.

We have tried the following role configurations in the source cluster to try and access the feature:

  • all_access - as desired using this reserved role the Select Clusters option is shown and available in the create/ update alert options. The _dashboards/api/alerting/remote/indexes endpoint returns both local and remote indexes.
  • all_access role duplicate - the role has the same config as theall_access role with all cluster and index permissions. Using this role the Select Clusters option is shown in the create/ update alert options, but is disabled. The _dashboards/api/alerting/remote/indexes returns only local indexes.
  • a custom role with same permissions as alerting_full_access + the cluster permission cluster:admin/opensearch/alerting/remote/indexes/get (the permission is not available in the UI, but is documented in Permissions - OpenSearch Documentation - using this role the Select Clusters option is shown in the create/ update alert options, but is disabled. The _dashboards/api/alerting/remote/indexes returns only local indexes.

The remote clusters have a custom role with view only rights, that is mapped to the same SAML group as the above roles in the primary cluster:

        "opensearch_viewers": {
            "reserved": false,
            "hidden": false,
            "cluster_permissions": [
                "cluster_composite_ops_ro"
            ],
            "index_permissions": [
                {
                    "index_patterns": [
                        "*"
                    ],
                    "dls": "",
                    "fls": [],
                    "masked_fields": [],
                    "allowed_actions": [
                        "read",
                        "indices:data/read/search*",
                        "indices:admin/shards/search_shards"
                    ]
                },
                {
                    "index_patterns": [
                        ".kibana*",
                        ".opensearch_dashboards*"
                    ],
                    "dls": "",
                    "fls": [],
                    "masked_fields": [],
                    "allowed_actions": [
                        "read",
                        "indices:admin/shards/search_shards"
                    ]
                }
            ],
            "tenant_permissions": [
                {
                    "tenant_patterns": [
                        "global_tenant"
                    ],
                    "allowed_actions": [
                        "kibana_all_read"
                    ]
                }
            ],
            "static": false
        }