Read only role on multitenant Opensearch Dashboards

OpenSearch Dashboards
1

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Opensearch dashboard & opensearch 2.17.1

Describe the issue:

Hello,
I’m trying to configure a role so that a user can only view dashboards for a specific tenant in my application. Unfortunately, it’s not possible to assign a tenant to the kibana_read _only role, and when I duplicate the role to add the tenant, it gives access to all tenants again. When I combine the kibana_read_only role with another role that has access only to the specific tenant, it visually appears to work, but I get errors on my dashboards. Has anyone encountered this problem before ?

Configuration:

Multi-tenant

Relevant Logs or Screenshots:

2

Hi @Akinator,

Have you tried duplicating the role, modifying the Tenant permissions section and then mapping a new role to a corresponding tenant user?

image
image1493×746 70.6 KB

Best,
mj

3

Hi,

Yes, it works, but there are errors in my visualization.

image
image1499×808 28.3 KB

[opensearchaggs] > Forbidden

Thanks for your answer
Best,
Akinator

4

You`ll need to add read permission to the role of the index that your visualization is using.

best,
mj

5

Thanks a lot!

So, if I understand correctly, we need to add the appropriate indexes for each user every time? That doesn’t seem very modular. Is it possible to create roles with each index and then aggregate them for the user without causing any bugs?

If that’s the case, we could automate this step, allowing for custom roles to be automatically composed.

best,
Akinator