Regular users are unable to create dashboard

Security
1

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
v 1.3.9

Describe the issue:
When regular and pre-defined “opensearch_dashboards_user” users try to create and save a dashboard, they get “Error on saving ‘sample_title_name’” message.

Configuration:
My role configuration is almost as same as the pre-defined “opensearch_dashboard_user”, but still does not work

  regular_user_role = {
    reserved = false
    hidden = false
    cluster_permissions = [
      "cluster_composite_ops",
      "cluster_monitor",
      "indices_monitor"
    ]
    index_permissions = [
      {
        index_patterns = [".opensearch*"],
        allowed_actions = ["read", "delete", "manage", "index"]
      }, 
      {
        index_patterns = [".tasks", ".management-beats"],
        allowed_actions = ["indices_all"]
      },
      {
        index_patterns = [
          "*"
        ]
        allowed_actions = [
          "read",
          "opensearch_dashboards_all_write"
        ]
      }
    ]
    tenant_permissions = [
      {
        tenant_patterns = [
          "*"
        ]
        allowed_actions = [
          "opensearch_dashboards_all_write"
        ]
      }
    ]
  }

However, if I add “index” in allowed actions for index “*”, then the users can save the dashboards alright. So looks like I am missing the correct index name to include in my role config? Anyone knows what I am missing ?

working config:
{
index_patterns = [
“*”
]
allowed_actions = [
“read”,
“index”
]
}

Relevant Logs or Screenshots:

2

Hey @mojawina

I was just working on this with my SSO users from Keycloak.
My solution was within this_post.

Basical for my user to create a dasboard, I had to set the custum Roles then map the user with the custum tenant.

4

Hi @mojawina

Could you please try to add more values for the index_patterns which are in the default kibana_user? You can find default the configuration for kibana_user below:

  "kibana_user" : {
    "reserved" : true,
    "hidden" : false,
    "description" : "Provide the minimum permissions for a kibana user",
    "cluster_permissions" : [
      "cluster_composite_ops"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          ".kibana",
          ".kibana-6",
          ".kibana_*",
          ".opensearch_dashboards",
          ".opensearch_dashboards-6",
          ".opensearch_dashboards_*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "read",
          "delete",
          "manage",
          "index"
        ]
      },
      {
        "index_patterns" : [
          ".tasks",
          ".management-beats",
          "*:.tasks",
          "*:.management-beats"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices_all"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : true
  }
5

Thank you, Gsmitt , that’s very informative.

And Thanks to Eugene7 as well, I tried but still no luck.