Create user with opendistro_security_roles - not creating any rolemapping

orid · April 11, 2021, 3:09pm

Hi,
I am using OpenDistro 1.11.0.
When creating a user using REST api, it works when mapping the user to an existing role ‘exporter_role’ I’ve created previously:

PUT https://{{esHost}}:{{esPort}}/_opendistro/_security/api/internalusers/exporter_test
{
  "password": "******",
  "opendistro_security_roles" : [ "exporter_role" ]
}

I tested, and user indeed has access by the permissions of the ‘exporter_role’.

Why this API doesn’t create any rolemapping entity? Also, in Kibana, this mapping is not shown because the lack of rolemapping.
Is this a bug?
I can also add the rolemapping by API, and then it is shown in Kibana. But I am not sure if it is really needed or not.

PUT https://{{esHost}}:{{esPort}}/_opendistro/_security/api/rolesmapping/exporter_role
{
  "users" : ["exporter_test" ]
}

Thank you,
Ori.

Anthony · April 12, 2021, 6:37pm

Hi @orid
If you are creating user via API, the security_role is passed in attributes, therefore there is no exclusive mapping showing up in the UI.
If you want the mapping to show up in UI you will need to create it manually via API or configuration files. But there is no added benefit except the UI element.

orid · April 13, 2021, 7:18am

Thanks for the clarification, @Anthony / @pablo .

Topic		Replies	Views
Create users using API - unable to attach Roles while create Security	4	653	August 26, 2021
Create user with security roles using API Security	1	877	April 22, 2021
OpenDistro - Security - Roles or permissions for a user to create other users only Security	1	527	August 12, 2021
How to limit user/role access Security	3	1600	August 26, 2019
Alternative Admin Role not mapping as expected Security	1	430	March 16, 2021

Create user with opendistro_security_roles - not creating any rolemapping

Related Topics