OpenSearch role creation for a user with permission on only a few index patterns

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
2.16.0

Describe the issue:
I have created a role to see only a few index patterns, like alb-logs* and cloudfront-logs*. I created the role and assigned it to one user, but my user still isn’t able to see the data. I will share the screenshot of the role here.

Configuration:

Relevant Logs or Screenshots:


As the user given the permission, I’m getting this error

The data source shows empty and I’m not able to see the logs.

Have you assigned cluster_composite_ops in the cluster_permissions section?

Yes, I provided the cluster_composite_ops permission already. Still, I’m not able to see the specific index pattern logs.

I think it’s trying to search through all indices. Create an index pattern that is selectable from the dropdown so that it is only querying accessible indices.

I created the index pattern. Still, I’m not able to see the indices.

Hi @manojkumar.m,

Could you run the below in your Dev Tools and share the output:

GET _plugins/_security/authinfo

Best,
mj

{
  "user": "User [name=manoj, backend_roles=, requestedTenant=]",
  "user_name": "manoj",
  "user_requested_tenant": "",
  "remote_address": "ip:47546",
  "backend_roles": [
    ""
  ],
  "custom_attribute_names": ,
  "roles": [
    "own_index",
    "lumen-logs-view"
  ],
  "tenants": {
    "manoj": true,
    "global_tenant": false
  },
  "principal": null,
  "peer_certificates": "0",
  "sso_logout_url": null
}

Could you also run the below (this will require your admin access):

GET _plugins/_security/api/roles/lumen-logs-view

thanks,
mj

{
  "status": "FORBIDDEN",
  "message": "No permission to access REST API: User manoj with Security roles [own_index, lumen-logs-view] does not have any role privileged for admin access. No client TLS certificate found in request"
}

You’ll need to log in with your admin user to run it.

best,
mj

{
  "lumen-logs-view": {
    "reserved": false,
    "hidden": false,
    "cluster_permissions": [
      "cluster_composite_ops"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "alb-logs-"
        ],
        "dls": "",
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices:data/read/search",
          "get"
        ]
      }
    ],
    "tenant_permissions": [
      {
        "tenant_patterns": [
          "global_tenant"
        ],
        "allowed_actions": [
          "kibana_all_read"
        ]
      }
    ],
    "static": false
  }
}
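
An offline check of which index names and actions a role definition like the one above covers, added here as an example and not part of the thread. It assumes `*` and `?` wildcards matched against the full name, which only approximates the security plugin's matcher. The function names and the dated index names are constructed, and action groups such as `get` are reported unexpanded.

```python
import re

# Role as it appears in the pasted output (patterns kept exactly as shown).
PASTED_ROLE = {
    "index_permissions": [{
        "index_patterns": ["alb-logs-"],
        "allowed_actions": ["indices:data/read/search", "get"],
    }]
}
# Constructed variant using the patterns named in the question.
WILDCARD_ROLE = {
    "index_permissions": [{
        "index_patterns": ["alb-logs*", "cloudfront-logs*"],
        "allowed_actions": ["indices:data/read/search", "get"],
    }]
}

def wildcard_match(pattern, value):
    """Match '*' (any run) and '?' (one char); all other characters are literal."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None

def check(role, index, action):
    """Return (allowed, unresolved_action_groups) for one index/action pair."""
    allowed, unresolved = False, set()
    for perm in role.get("index_permissions", []):
        if not any(wildcard_match(p, index) for p in perm["index_patterns"]):
            continue  # this permission block does not apply to the index
        for entry in perm["allowed_actions"]:
            if ":" not in entry:
                unresolved.add(entry)  # action group name, not expanded here
            elif wildcard_match(entry, action):
                allowed = True
    return allowed, sorted(unresolved)

if __name__ == "__main__":
    # Constructed index names for illustration.
    indices = ("alb-logs-2024.08.01", "cloudfront-logs-2024.08.01", "vpc-logs-1")
    for name, role in (("pasted", PASTED_ROLE), ("wildcard", WILDCARD_ROLE)):
        for index in indices:
            print(name, index, check(role, index, "indices:data/read/search"))
```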