Failed in query data with ssl

Security
,
1

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):3.1.0

Describe the issue:i set user ,role and role mapping ,but cannot query data

my role is :

curl -X GET “https:/localhost:9200/_plugins/_security/api/roles/dev_role?pretty”
-u ‘admin:passwd’
–cacert /home/opensearch/opensearch-3.1.0/certs/root-ca.pem
–cert /home/opensearch/opensearch-3.1.0/certs/admin.pem --key /home/opensearch/opensearch-3.1.0/certs/admin-key.pem
{
“dev_role” : {
“reserved” : false,
“hidden” : false,
“cluster_permissions” : [
“cluster_monitor”
],
“index_permissions” : [
{
“index_patterns” : [
“pps-*”
],
“fls” : ,
“masked_fields” : ,
“allowed_actions” : [
“read”,
“search”,
“index”
]
}
],
“tenant_permissions” : ,
“static” : false
}
}

rolemapping is :

curl -X GET _plugins/security/api/rolesmapping/dev_role?pretty -u ‘admin:passwd’
–cacert /home/opensearch/opensearch-3.1.0/certs/root-ca.pem
–cert /home/opensearch/opensearch-3.1.0/certs/admin.pem --key /home/opensearch/opensearch-3.1.0/certs/admin-key.pem
{
“dev_role” : {
“hosts” : [
“*”
],
“users” : [
“dev_user”
],
“reserved” : false,
“hidden” : false,
“backend_roles” : [
“C=CN,ST=GUANGDONG….”
],
“and_backend_roles” :
}
}

user is:
curl -X GET\_plugins/\_security/api/internalusers/dev_user?pretty
-u ‘admin:passwd’
–cacert /home/opensearch/opensearch-3.1.0/certs/root-ca.pem
–cert /home/opensearch/opensearch-3.1.0/certs/admin.pem --key /home/opensearch/opensearch-3.1.0/certs/admin-key.pem
{
“dev_user” : {
“hash” : “”,
“reserved” : false,
“hidden” : false,
“backend_roles” : [
“dev_role”
],
“attributes” : { },
“opendistro_security_roles” : ,
“static” : false
}
}

curl -XGET --cacert /home/opensearch/opensearch-3.1.0/certs/root-ca.pem
-u ‘dev_user:passwd’
–cert /home/opensearch/opensearch-3.1.0/certs/developer.pem --key /home/opensearch/opensearch-3.1.0/certs/developer-key.pem
https://localhost:9200/pps_a/\_search”

{“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“no permissions for [indices:data/read/search] and User [name=dev_user, backend_roles=[dev_role],
requestedTenant=null]”}],“type”:“security_exception”,“reason”:“no permissions for [indices:data/read/search] and User [name=dev_user, backend_roles=[dev_role],
requestedTenant=null]”},“status”:403}

Configuration:

Relevant Logs or Screenshots:

2

@liu Is there any reason you are using basicauth (username and password) on top of certificates?

Regarding the missing permissions, it seems your role has permissions for indices starting with pps-, but the index you are searching is pps_