Older user mappings are getting wiped out on using API to add new role mappings

Security
1

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

when adding role mappings to the opensearch via API previous role maping are gettimg wiped out

we have tried using bot the below manetioned API.
if we have to append the previous list of users with a new user, all the previous role mapping(user) mapped to the role are getting removed.

PUT _plugins/_security/api/rolesmapping/
PATCH _plugins/_security/api/rolesmapping/
[
{
“op”: “add”, “path”: “/users”, “value”: [“mynewuser”]
}]

Describe the issue:

Configuration:

Relevant Logs or Screenshots:

2

Hello @rhtbansal - what version is the happening on?

3

We are using 2.2 version of opensearch

4

@rhtbansal Your API works as expected as you’re sending an array instead of a single element.

Try the below if you’d like to add a user to the end of the array.

curl --insecure -H "Content-Type: application/json" -u admin:admin -XPATCH https://localhost:9200/_plugins/_security/api/rolesmapping/<role_name> -d ' 
 
[{ 
 
  "op":"add", "path":"/users/-", "value": "<user_name>" 
 
}] 
 
'

Also, you can add the user in the specific place of the user’s array.

curl --insecure -H "Content-Type: application/json" -u admin:admin -XPATCH https://localhost:9200/_plugins/_security/api/rolesmapping/<role_name> -d ' 
 
[{ 
 
  "op":"add", "path":"/users/0", "value": "<user_name>" 
 
}] 
 
'
1 Like
5

It worked, thanks for your help.

1 Like