Issue with Fine-Grained Access Control in OpenSearch Security Analytics

Hello OpenSearch Community,

I am trying to implement fine-grained access control in OpenSearch Security Analytics but am encountering an issue. Below are the steps I followed:

  1. Enabled the required setting to filter by backend roles:

    PUT /_cluster/settings
    {
      "transient": {
        "plugins.security_analytics.filter_by_backend_roles": "true"
      }
    }
    
  2. Created the following users with different backend roles:

    • User: alice
      PUT /_plugins/_security/api/internalusers/alice
      {
        "password": "alice",
        "backend_roles": [
          "analyst"
        ],
        "attributes": {}
      }
      
    • User: bob
      PUT /_plugins/_security/api/internalusers/bob
      {
        "password": "bob",
        "backend_roles": [
          "human-resources"
        ],
        "attributes": {}
      }
      
  3. Mapped the users to the security_analytics_full_access role:

    PUT /_plugins/_security/api/rolesmapping/security_analytics_full_access
    {
      "backend_roles": [],
      "hosts": [],
      "users": [
        "alice",
        "bob"
      ]
    }
    

I followed the instructions provided in the OpenSearch Security Analytics documentation.

Issue:

  • Using alice, I successfully created a custom log type.
  • However, after creation, alice cannot view the log type.
  • When I log in as the admin user, I can see the log type.

Question:
What configurations or steps might I be missing to ensure that alice can view the log type she created? How can I resolve this issue?

Any guidance would be greatly appreciated!
