Any thoughts or help is appreciated.
I have LDAP AUTHC and AUTHZ configured correctly and am able to see the user backend roles. Users can log in.
If my opendistro role, say app1_read, has access to indexes *, then users can query the indexes in Kibana.
I would like to have two roles app1_read and app2_read and segregate indexes.
app1_read can read indexes app1_idx1, app1_idx2
app2_read can read indexes app2_idx1, app2_idx2
If I have role index permissions to include Index * Permissions read, users can read all indexes from Kibana.
The moment I add specific indexes and remove the Index *, the Kibana Discover tab does not load and I see the following in the logs:
app1_read has index permissions for app1* read
app2_read has index permissions for app2* read
[2021-01-07T14:30:51,870][INFO ][c.a.o.s.p.PrivilegesEvaluator] [wamapnap01] No index-level perm match for User [name=user1, backend_roles=[ B1, B2 ], requestedTenant=null] Resolved [aliases=[.kibana], allIndices=[.kibana_2], types=[*], originalRequested=[.kibana], remoteIndices=] [Action [indices:data/read/search]] [RolesChecked [own_index, app1_read]]
[2021-01-07T14:30:51,870][INFO ][c.a.o.s.p.PrivilegesEvaluator] [wamapnap01] No permissions for [indices:data/read/search]
I am also confused about which cluster permissions and index permissions to assign to roles. Is there a document or cheat sheet?
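
Added example, not part of the original post: a small Python parser for the PrivilegesEvaluator denial line quoted above, which lists the requested index names that none of the checked roles' patterns cover. The `ROLE_PATTERNS` map and the function names are assumptions built from the role descriptions in the post, and glob matching via `fnmatch` is a simplification of the plugin's own pattern matching.

```python
import re
from fnmatch import fnmatchcase

# Denial line taken from the post above.
SAMPLE = ("[2021-01-07T14:30:51,870][INFO ][c.a.o.s.p.PrivilegesEvaluator] [wamapnap01] "
          "No index-level perm match for User [name=user1, backend_roles=[ B1, B2 ], "
          "requestedTenant=null] Resolved [aliases=[.kibana], allIndices=[.kibana_2], "
          "types=[*], originalRequested=[.kibana], remoteIndices=] "
          "[Action [indices:data/read/search]] [RolesChecked [own_index, app1_read]]")

# Assumption: index patterns per role as described in the post. own_index is
# left out because its definition is not shown on the page.
ROLE_PATTERNS = {"app1_read": ["app1*"], "app2_read": ["app2*"]}

DENIAL = re.compile(
    r"No index-level perm match for User \[name=(?P<user>[^,\]]+), "
    r"backend_roles=\[(?P<backend_roles>[^\]]*)\].*?"
    r"aliases=\[(?P<aliases>[^\]]*)\], allIndices=\[(?P<indices>[^\]]*)\].*?"
    r"\[Action \[(?P<action>[^\]]+)\]\] \[RolesChecked \[(?P<roles_checked>[^\]]*)\]\]")

def _split(csv):
    """Turn ' B1, B2 ' into ['B1', 'B2']; an empty field gives []."""
    return [item.strip() for item in csv.split(",") if item.strip()]

def parse_denial(line):
    """Return the fields of a denial line as a dict, or None if it is not one."""
    m = DENIAL.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    for key in ("backend_roles", "aliases", "indices", "roles_checked"):
        ev[key] = _split(ev[key])
    return ev

def explain(line, role_patterns=ROLE_PATTERNS):
    """Add 'uncovered' (names no known pattern matches) and 'undefined_roles'."""
    ev = parse_denial(line)
    if ev is None:
        return None
    patterns = [p for r in ev["roles_checked"] for p in role_patterns.get(r, [])]
    ev["uncovered"] = [name for name in ev["aliases"] + ev["indices"]
                       if not any(fnmatchcase(name, p) for p in patterns)]
    ev["undefined_roles"] = [r for r in ev["roles_checked"] if r not in role_patterns]
    return ev

if __name__ == "__main__":
    result = explain(SAMPLE)
    print(result["user"], result["action"], "uncovered:", result["uncovered"])
```

For the quoted line the uncovered names are `.kibana` and `.kibana_2`, not any of the app1 or app2 indexes.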