Hello everyone I use Opendistro release 1.10.1. Now I have defined two internal users (alice and bob). I have also defined roles for bob and alice.
For example:
I also have this issue. I update last week from 1.9 to 1.10. This seems to be a new “feature” in 1.10. I guess users could be given access to indices:admin/resolve/index but I don’t know what it does. It does not seem to be documented either in Permissions - Open Distro Documentation
The easy way to fix this would be to add "index_permission": [ { "index_patterns": [ "*" ], "allowed_actions": [ "indices:admin/resolve/index" ] } ] to a role that all Kibana users have access to. The downside of this is that all users that have access to this role can see the name of all indices in the cluster this includes the Kibana-user/tenant indices.
I have this problem too. But I use multi-tenancy and I want that users can create theirs index patterns themselves in Kibana. They can’t do this because they haven’t this permission (indices:admin/resolve/index). Most important that users must not see other indexes which not include theirs roles. Have you any idea how do this without this permission?
Hey all, although the permission does not appear in the console and cannot be added that way, you can add it via the API. Here I’m adding indices_all permission to the actual index pattern “test*” and the “indices:admin/resolve/index” permission to everything (*). Not ideal, but this seems to work.
This seems to solve the issue of not being able to create index pattern, however you might want to ensure the level of access is right for that user, prior to going to prod.
Hello Anthony, sorry for the late answer,
unfortunately, this solution doesn’t work for me. The user can still not able to create an index because no indices are displayed.
But if I include the following action
{
“index_patterns” : [
“*”
],
“dls” : “”,
“fls” : ,
“masked_fields” : ,
“allowed_actions” : [
“indices:admin/resolve/index”]
}
the index can be created. But the user sees also all other indices by the creation process, that I shouldn’t see.
I still don’t understand why it hasn’t been resolved for a long time ago.