Security roles mapping question

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Opensearch 2.11

Describe the issue:
Hi!
I’m learning opensearch security and i have one question
When i receive JWT token and when AuthCredentials fill, where in code security maps backend roles to internal roles? I’m quite stuck with this question

Hi @nerx322

You can add a backend role to an internal role in the Roles section in the OpenSearch Dashboards.
To do that, you need to open the OpenSearch Dashboard Menu, and click on Security. After that, please click on Roles and find your internal role:

Click on the role name and open the tab Mapped users:

On the page that you have just opened, you can map a user or a backend role to the internal role. Click on the Manage mapping button and type your backend role:

After that, please click on the Map button.

Thanks!
But my question was rather addressed to the code/server side of opensearch, like where in the java code does it map the internal roles to the received backend roles

You can add changes to the roles_mapping.yml file or you can use REST API. At the following documentation, you can find an example how to add a backend role to the internal role:

If you decide to make changes to the roles_mapping.yml file, please find out how to apply changes and make backup: