How to get only dashboards access from opensearch_dashboards_overview as well as from Dashboard menu in case of kibana_read_only user

sayalipatil9689 · January 6, 2025, 11:00am

Hi,

I have given user a backend role as kibana_ready_only, because of which he can only able to access. Refer below image. When I click on dashboards, it takes me to dashboard list page correctly.

But when I try to open dashboard from home page, it gives me Application not found error.

How to have access to dahsboards list from dashboards as well as from opensearch_dashboards_overview. But user should not have access to any other action than viewing the dashboards as he is having dashboard reader role

Eugene7 · January 6, 2025, 11:57am

Hi @sayalipatil9689,

Which version of OpenSearch and OpenSearch Dashboards are you using? Could you share the list of roles mapped to the user?

sayalipatil9689 · January 7, 2025, 5:40am

Hi,

Below is the custom role I have created which is mapped with kibana_read_only role.

roles.yml

reader:
reserved: false
hidden: false
cluster_permissions:

cluster_composite_ops_ro
‘cluster:admin/opensearch/ql/datasources/read’
index_permissions:
index_patterns:
- “test_index”
dls: “”
allowed_actions:
- ‘indices:admin/resolve/index’
- ‘indices:data/read/field_caps’
- ‘indices:data/read/search’
- ‘indices:data/read/get’
- ‘indices:admin/mappings/get’
- ‘indices:monitor/settings/get’
- ‘indices:admin/aliases/get’
- ‘indices:data/read/search*’
- ‘search’
- ‘read’
index_patterns:
- “.kibana*”
allowed_actions:
- ‘indices:data/read/search’
- ‘indices:data/write/update’
- ‘indices:data/write/index’
- ‘indices:data/write/bulk’
- ‘indices:data/read/get’
- ‘indices:data/read/mget[shard]’
  tenant_permissions:
- tenant_patterns:
  - “*”
    allowed_actions:
  - ‘read’
  - ‘write’
    static: false

roles_mapping.yml
kibana_read_only:
reserved: false
backend_roles:

“reader”
description: “Maps kibanauser to kibana_user”

reader:
reserved: false
backend_roles:

“reader”

Eugene7 · January 7, 2025, 1:07pm

Please share the output of the following commands:

GET _plugins/_security/api/internalusers/<your-username>

GET _plugins/_security/api/roles/reader

sayalipatil9689 · January 8, 2025, 5:12am

Sorry, but I am not having access to execute these two GET APIs in my project. I am having access to only yml files to add roles and map them. Hence shared the yml configurations for the same.

Eugene7 · January 8, 2025, 10:32am

@sayalipatil9689 ,

Have you applied changes for your configuration files?

sayalipatil9689 · January 21, 2025, 8:54am

Yes I checked that. But it is still giving an error and I think this is technical limitation of OpenSearch.

Topic		Replies	Views
How to add app permissions for OpenSearch dashboards? Security	2	41	January 6, 2025
Opensearch dashboard readnonly access OpenSearch	0	344	December 15, 2022
How does the "kibana_read_only" role work? OpenSearch Dashboards troubleshoot , configure	4	1285	July 14, 2023
Opensearch Security - Read only Role Security	19	1313	September 20, 2021
"Application Not Found" Error on Opensearch Dashboards Overview OpenSearch Dashboards troubleshoot , configure	5	1568	June 21, 2023

How to get only dashboards access from opensearch_dashboards_overview as well as from Dashboard menu in case of kibana_read_only user

Related topics