We are running OpenSearch domain on AWS, the Domain was v7.10 and we have successfully upgraded it to OpenSearch v1.0
We have the following scenario:
We create custom roles and custom tenants to allow teams to access their data that belong to their AWS accounts only.
When we create the role, we specified Document Level Security query similar to this
{
“terms”: {
"accountId": [
"xxxx",
"yyyy"
]
}
}
and we have mapped the users to the roles.
3. Before the upgrade, things were working as expected, but after upgrading to OpenSearch version, users assigned to the custom roles with DLS query always got this error
{“statusCode”:404,“error”:“Not Found”,“message”:“Saved object [config/1.0.0-SNAPSHOT] not found”}
4. When we remove the DLS query from the role, users are able to access the data.
What could be the reason for this error with DLS query in the Role definition?
We have contacted AWS Support and they are trying to regenerate the issue
I cannot get the exact query, because I cannot even use the Kibana any more after I made the change. Basically, I am trying something as simple as allowing the role to access all the people who have the same family name.
The issue was corrupted index during migration. AWS team was able to restore the index and then we noticed the DLS query need updates. I will posted the update query.
Sorry for late response
Having same issue but this is a fresh installation we are using opensearch 1.3.1 and dashboards 1.3.1,
We are able to make curl requests directly to opensearch cluster and get expected results but when we try to login through dashboards as the same user, we get 500 error in the browser and in the dashboard logs it says saved object config [1.3.1] not found
Could someone please help if you have faced this issue