Creating Role for having complete access to only specified indices

Hello All,
In our environment, we are using AWS OpenSearch and I have configured the authentication using Keycloak SAML. So the list of all users is provided in Keycloak and is passed to the role as a backend role.
My question is:
We have a lot of indices and I would like to configure index-level permissions where a user has complete access to certain indices only. Could anyone help me here?

Thank you in advance…

@schand not sure I fully understood your question.

The most straightforward way would be to have a special role (provided in Keycloak and passed in roles) for example backend_role_1.

You can then create a security role, something like below:

security_role_1:
  cluster_permissions:
    - 'cluster_composite_ops'
  index_permissions:
    - index_patterns:
        - 'index_pattern_test'
      allowed_actions:
        - "*"
  tenant_permissions:
    - tenant_patterns:
      - 'tenant1'
      allowed_actions:
        - '*'

And finally map the backend role (backend_role_1) to security_role_1, like below:

security_role_1:
  backend_roles:
  - "backend_role_1"

This should give you the necessary access. Also don’t forget to map the users to opensearch_dashboards_user or kibana_user.

You can check which roles were allocated to the user by selecting the user (top/right) and selecting “View roles and identities”. You should see backend_role_1 under Backend Roles and security_role_1 under Roles.

Hope this helps
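
The resolution chain described in this answer (backend role from Keycloak, to security role, to index patterns), as an added example that is not part of the original post and is not OpenSearch's own code. It is a simplified model: only the `*` wildcard is handled, action groups, regex patterns and document- or field-level security are ignored, and the index names in the usage are constructed.

```python
import re

# Constructed data mirroring the role and the mapping shown in the answer above.
ROLES = {"security_role_1": {
    "cluster_permissions": ["cluster_composite_ops"],
    "index_permissions": [
        {"index_patterns": ["index_pattern_test"], "allowed_actions": ["*"]},
    ],
}}
ROLES_MAPPING = {"security_role_1": {"backend_roles": ["backend_role_1"]}}


def pattern_matches(pattern, index):
    """Simplified matcher (assumption): '*' is the only wildcard honoured."""
    return re.fullmatch(re.escape(pattern).replace(r"\*", ".*"), index) is not None


def security_roles_for(backend_roles, mapping=ROLES_MAPPING):
    """Security roles whose mapping lists at least one of the user's backend roles."""
    wanted = set(backend_roles)
    return sorted(r for r, m in mapping.items() if wanted & set(m.get("backend_roles", [])))


def allowed_indices(backend_roles, indices, roles=ROLES, mapping=ROLES_MAPPING):
    """Return {index: set of security roles granting access} for this user."""
    granted = {}
    for role in security_roles_for(backend_roles, mapping):
        for perm in roles.get(role, {}).get("index_permissions", []):
            for index in indices:
                if any(pattern_matches(p, index) for p in perm["index_patterns"]):
                    granted.setdefault(index, set()).add(role)
    return granted


def overly_broad_patterns(roles=ROLES):
    """Flag (role, pattern) pairs made only of '*', which match every index."""
    return sorted(
        (name, p)
        for name, role in roles.items()
        for perm in role.get("index_permissions", [])
        for p in perm["index_patterns"]
        if p.strip("*") == ""
    )


if __name__ == "__main__":
    sample = ["index_pattern_test", "index_pattern_test_2", "logs-2024"]  # constructed
    for user_roles in (["backend_role_1"], ["some_other_role"]):
        print(user_roles, allowed_indices(user_roles, sample), overly_broad_patterns())
```

Running the same check over an exported copy of the real roles and mappings is a quick way to confirm that a pattern intended for a few indices does not also cover others.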

Hello @Anthony

I can say you understood the thing exactly, as the solution is helping me in the way I expected.

Thanks a lot for helping me.

Could you also help me with documentation for this kind of configuration?

@schand Glad it helped. More information is available here