Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): v 2.13.0
Describe the issue:
We are running the current v2.13 Opensearch Dashboards.
Currently facing the issue that only Admins with the all_access role can see the option to select the default or custom vector maps when creating a Region Map visualization.
There is no documentation on which cluster or index permission is needed to allow this possibility.
Any idea here?
See the different views in the attached screenshots
Configuration:
We do not want all users to have the all_access role on our cluster.
We would like to refine the permissions needed and restrict access via a custom role.
We have already tried granting full observability access permission but this did not change anything.
@Alfred_Bwire Did you resolve this issue?
I’ve found that adding cluster:monitor/health and cluster:monitor/state permissions at the role’s cluster level does the trick.
opensearch-node1_2.15.0 | [2024-08-15T00:21:31,032][INFO ][o.o.s.p.PrivilegesEvaluator] [opensearch-node1] No cluster-level perm match for User [name=pablo, backend_roles=[kibanauser], requestedTenant=] Resolved [aliases=[], allIndices=[], types=[*], originalRequested=[*-map], remoteIndices=[]] [Action [cluster:monitor/state]] [RolesChecked [pablopablo, own_index, kibana_user]]. No permissions for [cluster:monitor/state]
opensearch-node1_2.15.0 | [2024-08-15T00:21:31,033][INFO ][o.o.s.p.PrivilegesEvaluator] [opensearch-node1] No cluster-level perm match for User [name=pablo, backend_roles=[kibanauser], requestedTenant=] Resolved [aliases=[], allIndices=[], types=[*], originalRequested=[*-map], remoteIndices=[]] [Action [cluster:monitor/health]] [RolesChecked [pablopablo, own_index, kibana_user]]. No permissions for [cluster:monitor/health]
