I’m currently testing odfe v 1.11.0 with multitenancy support. I have created a role and mapped some users/backand-external to it. While defining the index permission i.e. crud, indices_all, index with index pattern index-name-* it doesn’t show anything to the users (only “Couldn’t find any Elasticsearch data
You’ll need to index some data into Elasticsearch before you can create an index pattern.”). But whenever I put only * with the same permission it allows users to create an index pattern.
Did someone else experience the same issue? or am I missing any of the permission/action-role to that specific index? I even tested setting up unlimited but it didn’t work either.
Thanks a lot, @oscark for your reply. Indeed, it seems the same issue . Was wondering how we can (for now) manually add that resolve permission to that role/index-permission without specifying *? I mean, in case we specify * it will allow everyone to touch other’s indices and see everything.
Is there a way to use REST API to PUT such permission to that role/index?
Will be watching the discussion on that issue as well.
I am facing the same issue. Unfortunately the link to the GitHub issue is broken, so I can’t see the full resolution. I tried doing a GET /_resolve/index/* request in the Dev Tools console and got an error that indices:admin/resolve/index is missing. Fair enough I thought, just have to add that permission. However, that permission doesn’t seem to exist.
EDIT: The OpenDistro Docs do list the permission indices:admin/resolve/index, but it is not visible in my security plugin. I am using AWS Elasticsearch 7.9 (not sure how I can tell which version of OpenDistro that corresponds to).
You can should be able to create new action group and the permission to the action group from Kibana, or you could use the API or the securityadmin.sh command.
TL;DR: Use the API to set the required permission on the role.
In the end I ended up following the solution suggested in this post. The UX is currently broken and doesn’t allow adding this permission. It works through the API though.
great, thanks a lot for sharing it. Maybe we should also promote this so that this permission is allowed via Open Search Dashboards in the feature release. Not sure if this is already on the roadmap. It is must-have permission for those users who have access to their indices but can’t create their index-pattern-*.