Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OpenSearch Operator: 2.7.0
OpenSearch Cluster: 2.7.0
OpenSearch: 2.18.0
OpenSearch Dashboard: 2.18.0
Describe the issue:
The documentation here talks about visiting Security->Roles->..
for managing roles & users from the OpenSearch Dashboard. However, I do not have any pages named, security…
I am trying to verify why my backend role (MyBackendRole_A) has not assigned me the role “manage_snapshots” even though I have assigned it. See config below.
MyBackendRole_B assigns “all_access” to me.
Configuration:
roles_mapping.yml
_meta:
type: "rolesmapping"
config_version: 2
# Maps admin to all_access
all_access:
reserved: false
backend_roles:
- "admin"
- "MyBackendRole_B"
description: "Maps admin, and Developers to All Access"
# Allow full access to an index named like the username
own_index:
reserved: false
users:
- "*"
description: "Allows users to have an index in their own name"
# Maps kibanauser to kibana_user
kibana_user:
reserved: false
backend_roles:
- "kibanauser"
readall:
reserved: false
backend_roles:
- "readall"
manage_snapshots:
reserved: false
backend_roles:
- "snapshotrestore"
- "MyBackendRole_A"
# Maps kibana_server to kibanaserver
kibana_server:
reserved: true
users:
- "kibanaserver"
# Maps logstash to logstash
logstash_minimum_index_permissions:
reserved: true
users:
- "logstash"
logstash:
reserved: true
users:
- "logstash"
helm cluster additional config (opensearch.yml equivalent)
cluster.name: "opensearch-cluster"
network.host: "0.0.0.0"
plugins.security.ssl_cert_reload_enabled: "true"
plugins.security.allow_unsafe_democertificates: "false"
plugins.security.allow_default_init_securityindex: "true"
plugins.security.audit.type: "internal_opensearch"
plugins.security.enable_snapshot_restore_privilege: "true"
plugins.security.check_snapshot_restore_write_privileges: "true"
plugins.security.restapi.roles_enabled: |
['all_access', 'security_rest_api_access']
plugins.security.system_indices.enabled: "true"
plugins.security.system_indices.indices: |
[
".opendistro-alerting-config",
".opendistro-alerting-alert*",
".opendistro-anomaly-results*",
".opendistro-anomaly-detector*",
".opendistro-anomaly-checkpoints",
".opendistro-anomaly-detection-state",
".opendistro-reports-*",
".opendistro-notifications-*",
".opendistro-notebooks",
".opendistro-asynchronous-search-response*",
]
plugins.security.ssl.transport.enabled: "true"
plugins.security.ssl.transport.pemcert_filepath: "tls-transport/tls.crt"
plugins.security.ssl.transport.pemkey_filepath: "tls-transport/tls.key"
plugins.security.ssl.transport.pemtrustedcas_filepath: "tls-transport/ca.crt"
plugins.security.ssl.transport.enforce_hostname_verification: "false"
plugins.security.ssl.transport.truststore_filepath: "/usr/share/opensearch/config/truststore/cacerts.jks"
plugins.security.ssl.http.enabled: "true"
plugins.security.ssl.http.pemcert_filepath: "tls-http/tls.crt"
plugins.security.ssl.http.pemkey_filepath: "tls-http/tls.key"
plugins.security.ssl.http.pemtrustedcas_filepath: "tls-http/ca.crt"
plugins.security.ssl.http.truststore_filepath: "/usr/share/opensearch/config/truststore/cacerts.jks"
s3.client.default.endpoint: s3.endpoint
s3.client.default.path_style_access: "true"
s3.client.default.protocol: https
s3.client.default.region: RegionOne
Relevant Logs or Screenshots:
No Security Page ^