Read only role on multitenant Opensearch Dashboards

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Opensearch dashboard & opensearch 2.17.1

Describe the issue:

Hello,
I’m trying to configure a role so that a user can only view dashboards for a specific tenant in my application. Unfortunately, it’s not possible to assign a tenant to the kibana_read_only role, and when I duplicate the role to add the tenant, it gives access to all tenants again. When I combine the kibana_read_only role with another role that has access only to the specific tenant, it visually appears to work, but I get errors on my dashboards. Has anyone encountered this problem before?

Configuration:

Multi-tenant

Relevant Logs or Screenshots:

Hi @Akinator,

Have you tried duplicating the role, modifying the Tenant permissions section and then mapping a new role to a corresponding tenant user?

Best,
mj

Hi,

Yes, it works, but there are errors in my visualization.


[opensearchaggs] > Forbidden

Thanks for your answer
Best,
Akinator

You'll need to add read permission to the role of the index that your visualization is using.

best,
mj

Thanks a lot!

So, if I understand correctly, we need to add the appropriate indexes for each user every time? That doesn’t seem very modular. Is it possible to create roles with each index and then aggregate them for the user without causing any bugs?

If that’s the case, we could automate this step, allowing for custom roles to be automatically composed.

best,
Akinator
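An added example, not part of the thread and not code from the OpenSearch project: a sketch that builds a tenant read-only role in the Security plugin's role format and checks, before mapping, which indices a dashboard queries that none of the user's roles can read (the case that surfaces as `[opensearchaggs] > Forbidden`). The tenant name, index names and helper functions are constructed for illustration, and effective permissions are modelled as the union of the mapped roles with wildcard matching simplified to `fnmatch`.

```python
from fnmatch import fnmatchcase

def tenant_reader_role(tenant, index_patterns):
    """Role body: read-only on one tenant plus read on the listed indices."""
    return {
        "cluster_permissions": [],
        "index_permissions": [
            {"index_patterns": sorted(index_patterns), "allowed_actions": ["read"]}
        ],
        "tenant_permissions": [
            {"tenant_patterns": [tenant], "allowed_actions": ["kibana_all_read"]}
        ],
    }

def index_reader_role(index_patterns):
    """Role body granting only read on some indices, to be combined with others."""
    return {
        "index_permissions": [
            {"index_patterns": sorted(index_patterns), "allowed_actions": ["read"]}
        ]
    }

def readable(roles, index):
    """True if any mapped role grants the 'read' action group on the index.
    Simplification: only the literal 'read' group is recognised here."""
    for role in roles:
        for perm in role.get("index_permissions", []):
            if "read" in perm["allowed_actions"] and any(
                fnmatchcase(index, p) for p in perm["index_patterns"]
            ):
                return True
    return False

def forbidden_indices(roles, dashboard_indices):
    """Indices the dashboard queries that no mapped role can read."""
    return sorted(i for i in dashboard_indices if not readable(roles, i))

def tenants_granted(roles):
    """Every tenant pattern reachable through the mapped roles ('*' = all)."""
    return sorted({t for r in roles for p in r.get("tenant_permissions", [])
                   for t in p["tenant_patterns"]})

if __name__ == "__main__":
    # Constructed sample: one tenant, a dashboard reading two indices.
    dashboard = ["app-logs-2024.10", "app-metrics"]
    roles = [tenant_reader_role("tenant_a", ["app-logs-*"])]
    print("missing read on:", forbidden_indices(roles, dashboard))
    roles.append(index_reader_role(["app-metrics"]))
    print("missing read on:", forbidden_indices(roles, dashboard))
    print("tenants granted:", tenants_granted(roles))
```

Each dictionary has the shape of a role definition for the Security plugin's roles API, so the same structures can be sent to the cluster once the check reports no missing indices and no unexpected tenant pattern.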