Internet user, permissions, roles and role mappings

Hello Everyone,

I am new to OpenSearch and have been tasked with getting it set up and working. I extracted the tarball, replaced the certificates, and created two users. The users can only create one index that is the same as their names.
I have tried creating roles and role mappings but I am getting this error:

{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [indices:admin/create] and User [name=jeff, backend_roles=[index_full_read_write_access], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [indices:admin/create] anddf207@perf-dedicate:/mnt/opensearch-1.2.0/plugins/opensearch-security/securityconfig

I read the documents but something is not clicking for me. Any assistance would be appreciated.

Hello @elmidwill

As per the error, your users are missing the indices:admin/create privilege in their assigned role.

Thanks for the reply Pablo, and sorry about the delay. So does this mean that a user needs indices:admin/create to create indices that are not their names? And does this give them access to other user-created indices much like a typical admin user?

@elmidwill Would you mind sharing configs of the index_full_read_write_access role (roles.yml and roles_mapping.yml)?

Please also run the below command and send the result.

curl --insecure -u jeff -XGET "https://<opensearch_node>:9200/_plugins/_security/authinfo?pretty"

What type of authentication did you set? (basicauth, ldap, saml, openid, etc.)
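
For reference, an added example (not posted by anyone in the thread): a role that grants indices:admin/create only on a named index pattern, mapped both to the user jeff and to the backend role shown in the error. The role name jeff_index_writer and the pattern jeff-* are assumptions made up for illustration.

```yaml
# --- entry to add to roles.yml (role name and pattern are hypothetical) ---
jeff_index_writer:
  reserved: false
  cluster_permissions: []
  index_permissions:
    - index_patterns:
        # Permissions below apply only to indices matching this pattern,
        # so the role does not reach indices created by other users.
        - "jeff-*"
      allowed_actions:
        # The exact permission named in the security_exception.
        - "indices:admin/create"
        # Built-in action group covering read and write on documents.
        - "crud"

---
# --- entry to add to roles_mapping.yml ---
# A backend role (as listed under backend_roles in the error and in the
# authinfo output) grants nothing by itself; it takes effect only once a
# mapping ties it, or the user name, to a role defined in roles.yml.
jeff_index_writer:
  reserved: false
  users:
    - "jeff"
  backend_roles:
    - "index_full_read_write_access"
```

Edits to the files under securityconfig take effect only after they are loaded into the security index with the plugin's securityadmin.sh tool; the "roles" field in the authinfo output should then list the new role.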