Create user with opendistro_security_roles - not creating any rolemapping

orid · April 11, 2021, 3:09pm

Hi,
I am using OpenDistro 1.11.0.
When creating a user using REST api, it works when mapping the user to an existing role ‘exporter_role’ I’ve created previously:

PUT https://{{esHost}}:{{esPort}}/_opendistro/_security/api/internalusers/exporter_test
{
  "password": "******",
  "opendistro_security_roles" : [ "exporter_role" ]
}

I tested, and user indeed has access by the permissions of the ‘exporter_role’.

Why this API doesn’t create any rolemapping entity? Also, in Kibana, this mapping is not shown because the lack of rolemapping.
Is this a bug?
I can also add the rolemapping by API, and then it is shown in Kibana. But I am not sure if it is really needed or not.

PUT https://{{esHost}}:{{esPort}}/_opendistro/_security/api/rolesmapping/exporter_role
{
  "users" : ["exporter_test" ]
}

Thank you,
Ori.

Anthony · April 12, 2021, 6:37pm

Hi @orid
If you are creating user via API, the security_role is passed in attributes, therefore there is no exclusive mapping showing up in the UI.
If you want the mapping to show up in UI you will need to create it manually via API or configuration files. But there is no added benefit except the UI element.

orid · April 13, 2021, 7:18am

Thanks for the clarification, @Anthony / @pablo .

Topic		Replies	Views
Create users using API - unable to attach Roles while create Security	4	769	August 26, 2021
Create user with security roles using API Security	1	924	April 22, 2021
OpenDistro - Security - Roles or permissions for a user to create other users only Security	1	655	August 12, 2021
How to limit user/role access Security	3	1684	August 26, 2019
Trying to restrict access to users so they only have dashboard access only Security	5	28	October 31, 2024

Create user with opendistro_security_roles - not creating any rolemapping

Related topics