I am back with another question!
I am trying to create an internal user in Kibana with FGAC, through OpenDistro API.
I was able to create a user! Great!
But I got two concerns with that -
- The users that I’ve created are visible in the internal-users section, but I am not able to filter by them in the Roles section.
- I am wondering if point 1 above is happening because I did not map the Roles properly to the user I’ve created using this api call -
The documentation says you can pass the Roles using the parameter/attribute ‘roles’
But when I do that, I get a 400 error, the ‘doc’ prefix roles are not pre-defined ones -
"roles": ["readall_and_monitor", "doc_alerting_access", "doc_tenants"]
"reason": "Invalid configuration",
Can someone please help me understand what I am doing wrong, and help me fix this?
If I try to login with the newly created user -
Which version of odfe are you using?
Can you change the “roles” to “opendistro_security_roles” and make sure the roles listed already exist in the security configuration.
Hope this helps
@Anthony Our Kibana sits on top of AWS Elasticsearch service. I am not exactly sure on the ODFE version. But running Kibana 7.10
But I followed your suggestion, and was able to create a user with ‘opendistro_security_roles’ (Should the API document reflect this change?) -
"message": "'new-user-1' created."
And, the weird part is that, I couldn’t see the user in the Roles section under ‘Internal users’ column.
But interestingly was able to login with the created test user and has all the access I assigned while making the api call.
Is that a bug in the UI?
Because, from the front-end I won’t be able to check what roles the user is assigned with during an audit or something.
@psripathi glad you got it working. Regarding a bug, yes, it would appear to be a bug; however, I can confirm that the UI reflects the new user using odfe, therefore the issue is with the AWS ES service offering and I would recommend raising an AWS support ticket, as this forum is for odfe and opensearch.
Regarding the documentation, I think it’s already updated, see docs here
Hope this helps
@Anthony Yep, thank you for checking this for me, looking back at the documentation link I referenced, it seems to be an old version of ODFE.
JFYI, this issue I am seeing with user mapping in UI is only for users created through api call, if I create a user from the front-end directly, this doesn’t seem to occur.
I am assuming we are on the same page here. So I will check with AWS support why this issue is occurring. I will try and update this post when I receive an update.
Thank you again!
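For the audit concern raised in the thread (checking a user's roles without relying on the Kibana UI), here is an added example that is not part of the original posts or of the ODFE project's code. It combines the two places a role can be attached, the user's own `opendistro_security_roles` list and the role mappings, using constructed sample data shaped like the responses of the security plugin's `internalusers` and `rolesmapping` REST endpoints; the function names and the `ui-user` / `analysts` entries are hypothetical.

```python
"""Audit which security roles each internal user holds, independent of the UI."""

# Constructed sample: body of GET _opendistro/_security/api/internalusers
INTERNAL_USERS = {
    "new-user-1": {
        "backend_roles": [],
        "opendistro_security_roles": ["readall_and_monitor", "doc_alerting_access", "doc_tenants"],
    },
    "ui-user": {"backend_roles": ["analysts"], "opendistro_security_roles": []},
}

# Constructed sample: body of GET _opendistro/_security/api/rolesmapping
ROLES_MAPPING = {
    "readall_and_monitor": {"users": ["ui-user"], "backend_roles": []},
    "doc_tenants": {"users": [], "backend_roles": ["analysts"]},
}

def effective_roles(internal_users, roles_mapping):
    """Return {user: {role: [sources]}}, where each source names how the role is granted.
    Assumption: exact name matches only; wildcard and host mappings are not evaluated."""
    report = {user: {} for user in internal_users}
    for user, cfg in internal_users.items():
        for role in cfg.get("opendistro_security_roles") or []:
            report[user].setdefault(role, set()).add("user.opendistro_security_roles")
    for role, mapping in roles_mapping.items():
        mapped_users = set(mapping.get("users") or [])
        mapped_backend = set(mapping.get("backend_roles") or [])
        for user, cfg in internal_users.items():
            if user in mapped_users:
                report[user].setdefault(role, set()).add("rolesmapping.users")
            if mapped_backend & set(cfg.get("backend_roles") or []):
                report[user].setdefault(role, set()).add("rolesmapping.backend_roles")
    return {u: {r: sorted(s) for r, s in roles.items()} for u, roles in report.items()}

def only_on_user_object(report):
    """Users holding at least one role that appears in no role mapping."""
    return sorted(u for u, roles in report.items()
                  if any(src == ["user.opendistro_security_roles"] for src in roles.values()))

if __name__ == "__main__":
    rep = effective_roles(INTERNAL_USERS, ROLES_MAPPING)
    for user, roles in rep.items():
        for role, sources in sorted(roles.items()):
            print(f"{user:12} {role:22} via {', '.join(sources)}")
    print("roles attached only on the user object:", only_on_user_object(rep))
```

To run it against a real cluster, replace the two sample dictionaries with the parsed JSON from those endpoints, fetched with an account that is allowed to use the security REST API.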