Read only access to query workbench

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): OpenSearch Service 2.19

Describe the issue:

I’ve created readonly users to access our cluster that are able to read data using dev tools but they are unable to use the query workbench. If they try to query an index with something like “select * from data_idx;” they get “data_idx: no response, this query is not runnable.”

I’ve added them to the builtin role readall and modified it to add, among others the index permission indices:admin/get

What am I missing? I’ve tried all of the things I could find online.

I also tried creating a new role that had only cluster permissions cluster_composit_ops_ro and index permissions of index * of read and indices:admin/get and got the same results

Also, they can run the default query “SHOW tables LIKE ‘%’;” without errors

Hi @jhoff ,

Based on what you’re after the following should work for you. Feel free to test and let me know if you have any issues.

workbench_role:
  reserved: false
  hidden: false
  cluster_permissions:
  - "cluster_composite_ops_ro"
  - "cluster:monitor/state"
  - "cluster:monitor/health"
  - "cluster:admin/opensearch/ql/datasources/read"
  index_permissions:
  - index_patterns:
    - "*"
    dls: ""
    fls: []
    masked_fields: []
    allowed_actions:
    - "read"
    - "indices:monitor/settings/get"
    - "indices:monitor/stats"
    - "indices:admin/get"
    - "indices:admin/mappings/get"
    - "indices:admin/aliases/get"
  tenant_permissions:
  - tenant_patterns:
    - "global_tenant"
    allowed_actions:
    - "kibana_all_write"
  static: false

Leeroy.

1 Like

That worked! Thank u very much. I had most of those but was missing a few.

1 Like