Index permitions with global index pattern not working

Hi everyone,
I’ve seen a similar topic, but quite different on the end, so I decided to create a new one.

I’m not gonna bother with implementation details, but i have the following scenario:

  • UserA has access to IndexA
  • UserB has access to IndexB

Without opendDistro_security integration I used to have an index pattern:

  • “Index*”

that I used to create a DashboardX/ViewX
Well this DashboardX (“Index*”) was accessible by userA and userB. However, respecting the permissions, userA would only see info in indexA and userB would only see info in IndexB.
This doesn’t seem to be the case. UserA can see an Index pattern “IndexA” but not “Index*”.

When I request to see index pattern Index* (in discovery for example) it crashes saying the user don’t have indices:data/read/search permissions.
I’m guessing elasticsearch is looking for both IndexA and IndexB and as one of them isn’t allowed it throws an error instead of returning one index (the correct one).

I’m curious to see if this happened to anyone else and maybe some workarounds.
Thank you in advance for any help.~

EDIT: A subset of this problem was solved here but I continue to have the case where an userC that has access to indexA and indexB. This userC can only see indexB for “index*” index pattern.

Hi @carlosvieira

do_not_fail_on_forbidden would be the solution to your first issue.

Regarding userC have you tried to disable do_not_fail_on_forbidden and check why it’s failing on indexA in logs.
Does userC has same privileges as userA to indexA?