Describe the issue:
I have created a user with limited permissions to access some index patterns. After logging in with the above created user credentials, accessing index patterns to which it doesn’t have permission is giving ‘SEARCH ERROR’ instead of ‘PERMISSION ERROR’.
Relevant Logs or Screenshots:
{“log”:{“message”:“[security_exception]: no permissions for [indices:data/read/search] and User [name=chandana, backend_roles=[offline_access, ep-role, uma_authorization, kibanauser, default-roles-bssc], requestedTenant=null]”},“extension”:{“type”:“log”,“tags”:[“error”,“opensearch”,“data”],“pid”:146},“type”:“log”,“level”:“info”,“system”:“BSSC”,“systemid”:“3363716ae1c447e5b0ca626c6a0bf536”,“host”:“sa-bssc-dashboards-664f8c4db7-8gl79.sanjay”,“timezone”:“UTC”,“time”:“2023-04-26T16:40:26Z”}
I had that happen to myself. What I did was using my “admin” account , I created a new role and a action/permission group that were needed. Mapped the user/s to the role and added the ActionGroup to that role under Cluster permissions. I have found this to be easiest way for myself specially when adding more users to the same tenant.
EDIT: I forgot to say, I noticed when i do not map the user, it seams to default to the role “own_index”.
Here is an example of someusers mapped with full access.
hi,
The above issue is still persisting with Opensearch v2.9.0 version.
I have created a user with limited permissions to access certain index patterns. After logging in with the above created user credentials, accessing index patterns to which it doesn’t have permission is giving ‘SEARCH ERROR’ instead of ‘PERMISSION ERROR’.
