Creating Role for having complete access to only specified indices

Hello All,
In our environment, we are using AWS OpenSearch and I have configured the authentication using the Keycloak SAML. So all the users list is provided in the Keycloak and is passed to the role as backend role
My question is:
We have alot of indices and I would like to configure the index level permissions where, an user have complete access to certain indices only. Could anyone help me here.

Thank you in advance…:slight_smile:

@schand not sure I fully understood your question.

The most straightforward way would be to have a special role (provided in Keycloak and passed in roles) for example backend_role_1.

You can then create a security role, something like below:

    - 'cluster_composite_ops'
    - index_patterns:
        - 'index_pattern_test'
        - "*"
    - tenant_patterns:
      - 'tenant1'
        - '*'

And finally map the backend role (backend_role_1) to security_role_1, like below:

  - "backend_role_1"

This should give you the necessary access. Also don’t forget to map the users to opensearch_dashboards_user or kibana_user.

You can check which roles were allocated to the user by selecting the user (top/right) and selecting “View roles and identities”, you should see the backend_role_1 under Backend Roles and security_role_1 under Roles

Hope this helps

Hello @Anthony

I can say, You understood the thing exactly as the solution is helping me in the way I expected.

Thanks a lot for helping me.

Could you also help me with Documentation of this kind of configurations info.

@schand Glad it helped, More information is available here