{ "statusCode": 500, "error": "Internal Server Error", "message": "An internal server error occurred." }

sdas018 · October 17, 2024, 8:17am

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Describe the issue:

I have build opensearch cluster with version 2.7.0 cluster is running fine and health and i have created below role and user to provide read access to my index but i am getting “{ “statusCode”: 500, “error”: “Internal Server Error”, “message”: “An internal server error occurred.” }” after adding Field level security for this field “kubernetes.node.name”

Role name - readonly
Cluster Permission - cluster_composite_ops_ro
Index Permission - Read and Search
Field Level Security - Include - kubernetes.node.name
Tenant - Global Tenant

Configuration:
I am using helm chart with below values file
clusterName: opensearch-dev
namespace: oss-ns
opensearchCluster:
enabled: true
general:
httpPort: “9200”
version: 2.7.0
serviceName: opensearch-dev
drainDataNodes: false
setVMMaxMapCount: true
# podSecurityContext:
# runAsUser: 1000
# runAsGroup: 1000
dashboards:
enable: true
replicas: 1
version: 2.7.0
podSecurityContext:
runAsUser: 1000
runAsGroup: 1000
securityContext:
capabilities:
drop:
- ALL
fsGroup: 1000
runAsNonRoot: true
resources:
requests:
memory: “1Gi”
cpu: “500m”
limits:
memory: “1Gi”
cpu: “500m”
additionalConfig:
opensearch.requestHeadersAllowlist: “["securitytenant","Authorization"]”
opensearch_security.multitenancy.enabled: “true”
opensearch_security.multitenancy.tenants.enable_global: “true”
opensearch_security.multitenancy.tenants.enable_private: “false”
opensearch_security.multitenancy.tenants.preferred: “["Global"]”
opensearch_security.multitenancy.enable_filter: “true”
initHelper:
imagePullSecrets:
imagePullPolicy: IfNotPresent
resources: {}
requests:
memory: “1Gi”
cpu: “500m”
limits:
memory: “1Gi”
cpu: “500m”
nodePools:
- component: masters
diskSize: “20Gi”
replicas: 5
roles:
- “cluster_manager”
- “data”
resources:
requests:
memory: “2Gi”
cpu: “500m”
limits:
memory: “2Gi”
cpu: “500m”
security:
tls:
transport:
generate: true
http:
generate: true

Relevant Logs or Screenshots:

{
“statusCode”: 500,
“error”: “Internal Server Error”,
“message”: “An internal server error occurred.”
}

dashboard logs

{“type”:“response”,“@timestamp”:“2024-10-17T07:46:03Z”,“tags”:,“pid”:453,“method”:“get”,“statusCode”:500,“req”:{“url”:“/”,“method”:“get”,“headers”:{“host”:“localhost:5601”,“connection”:“keep-alive”,“sec-ch-ua”:“"Google Chrome";v="129", "Not=A?Brand";v="8", "Chromium";v="129"”,“sec-ch-ua-mobile”:“?0”,“sec-ch-ua-platform”:“"Windows"”,“upgrade-insecure-requests”:“1”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36”,“accept”:“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7”,“sec-fetch-site”:“same-origin”,“sec-fetch-mode”:“navigate”,“sec-fetch-user”:“?1”,“sec-fetch-dest”:“document”,“referer”:“http://localhost:5601/app/login?nextUrl=%2F",“accept-encoding”:"gzip, deflate, br, zstd”,“accept-language”:“en-US,en;q=0.9”,“securitytenant”:“”},“remoteAddress”:“127.0.0.1”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36”,“referer”:“http://localhost:5601/app/login?nextUrl=%2F"},“res”:{“statusCode”:500,“responseTime”:15,“contentLength”:9},“message”:"GET / 500 15ms - 9.0B”}

Mantas · October 17, 2024, 4:05pm

Hi @sdas018,

Can you run the below and share the output:

curl -XGET "http://localhost:9200/_plugins/_security/api/roles/readonly"

Best,
mj

sdas018 · October 18, 2024, 5:58am

@Mantas ,

Thanks for your reply !!

i didn’t get any response for “readonly”.

https://localhost:9200/_plugins/_security/api/roles/readonly?pretty

{
“status” : “NOT_FOUND”,
“message” : “Resource ‘readonly’ not found.”
}

but i got response for the below

{
“security_analytics_ack_alerts”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opensearch/securityanalytics/alerts/"
],
“index_permissions”: [],
“tenant_permissions”: [],
“static”: false
},
“observability_read_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opensearch/observability/get”
],
“index_permissions”: [],
“tenant_permissions”: [],
“static”: false
},
“kibana_user”: {
“reserved”: true,
“hidden”: false,
“description”: “Provide the minimum permissions for a kibana user”,
“cluster_permissions”: [
“cluster_composite_ops”
],
“index_permissions”: [
{
“index_patterns”: [
“.kibana”,
“.kibana-6”,
".kibana_”,
“.opensearch_dashboards”,
“.opensearch_dashboards-6”,
“.opensearch_dashboards_"
],
“fls”: [],
“masked_fields”: [],
“allowed_actions”: [
“read”,
“delete”,
“manage”,
“index”
]
},
{
“index_patterns”: [
“.tasks”,
“.management-beats”,
":.tasks”,
“:.management-beats"
],
“fls”: [],
“masked_fields”: [],
“allowed_actions”: [
“indices_all”
]
}
],
“tenant_permissions”: [],
“static”: true
},
“own_index”: {
“reserved”: true,
“hidden”: false,
“description”: “Allow all for indices named like the current user”,
“cluster_permissions”: [
“cluster_composite_ops”
],
“index_permissions”: [
{
“index_patterns”: [
“${user_name}”
],
“fls”: [],
“masked_fields”: [],
“allowed_actions”: [
“indices_all”
]
}
],
“tenant_permissions”: [],
“static”: true
},
“alerting_full_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster_monitor”,
"cluster:admin/opendistro/alerting/”,
“cluster:admin/opensearch/alerting/",
“cluster:admin/opensearch/notifications/feature/publish”
],
“index_permissions”: [
{
“index_patterns”: [
"”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“indices_monitor”,
“indices:admin/aliases/get”,
“indices:admin/mappings/get”
]
}
],
“tenant_permissions”: ,
“static”: false
},
“snapshot_management_read_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opensearch/snapshot_management/policy/get”,
“cluster:admin/opensearch/snapshot_management/policy/search”,
“cluster:admin/opensearch/snapshot_management/policy/explain”,
“cluster:admin/repository/get”,
“cluster:admin/snapshot/get”
],
“index_permissions”: ,
“tenant_permissions”: ,
“static”: false
},
“all_access”: {
“reserved”: true,
“hidden”: false,
“description”: “Allow full access to all indices and all cluster APIs”,
“cluster_permissions”: [
“"
],
“index_permissions”: [
{
“index_patterns”: [
"”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“"
]
}
],
“tenant_permissions”: [
{
“tenant_patterns”: [
"”
],
“allowed_actions”: [
“kibana_all_write”
]
}
],
“static”: true
},
“alerting_read_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opendistro/alerting/alerts/get”,
“cluster:admin/opendistro/alerting/destination/get”,
“cluster:admin/opendistro/alerting/monitor/get”,
“cluster:admin/opendistro/alerting/monitor/search”,
“cluster:admin/opensearch/alerting/findings/get”
],
“index_permissions”: ,
“tenant_permissions”: ,
“static”: false
},
“cross_cluster_replication_follower_full_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/plugins/replication/autofollow/update”
],
“index_permissions”: [
{
“index_patterns”: [
“"
],
“fls”: [],
“masked_fields”: [],
“allowed_actions”: [
“indices:admin/plugins/replication/index/setup/validate”,
“indices:data/write/plugins/replication/changes”,
“indices:admin/plugins/replication/index/start”,
“indices:admin/plugins/replication/index/pause”,
“indices:admin/plugins/replication/index/resume”,
“indices:admin/plugins/replication/index/stop”,
“indices:admin/plugins/replication/index/update”,
“indices:admin/plugins/replication/index/status_check”
]
}
],
“tenant_permissions”: [],
“static”: false
},
“manage_snapshots”: {
“reserved”: true,
“hidden”: false,
“description”: “Provide the minimum permissions for managing snapshots”,
“cluster_permissions”: [
“manage_snapshots”
],
“index_permissions”: [
{
“index_patterns”: [
"”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“indices:data/write/index”,
“indices:admin/create”
]
}
],
“tenant_permissions”: ,
“static”: true
},
“logstash”: {
“reserved”: true,
“hidden”: false,
“description”: “Provide the minimum permissions for logstash and beats”,
“cluster_permissions”: [
“cluster_monitor”,
“cluster_composite_ops”,
“indices:admin/template/get”,
“indices:admin/template/put”,
“cluster:admin/ingest/pipeline/put”,
“cluster:admin/ingest/pipeline/get”
],
“index_permissions”: [
{
“index_patterns”: [
“logstash-"
],
“fls”: [],
“masked_fields”: [],
“allowed_actions”: [
“crud”,
“create_index”
]
},
{
“index_patterns”: [
“beat”
],
“fls”: [],
“masked_fields”: [],
“allowed_actions”: [
“crud”,
“create_index”
]
}
],
“tenant_permissions”: [],
“static”: true
},
“observability_full_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opensearch/observability/create”,
“cluster:admin/opensearch/observability/update”,
“cluster:admin/opensearch/observability/delete”,
“cluster:admin/opensearch/observability/get”
],
“index_permissions”: [],
“tenant_permissions”: [],
“static”: false
},
“point_in_time_full_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [],
“index_permissions”: [
{
“index_patterns”: [
"”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“manage_point_in_time”
]
}
],
“tenant_permissions”: ,
“static”: false
},
“notifications_full_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opensearch/notifications/"
],
“index_permissions”: [],
“tenant_permissions”: [],
“static”: false
},
“notifications_read_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opensearch/notifications/configs/get”,
“cluster:admin/opensearch/notifications/features”,
“cluster:admin/opensearch/notifications/channels/get”
],
“index_permissions”: [],
“tenant_permissions”: [],
“static”: false
},
“cross_cluster_replication_leader_full_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [],
“index_permissions”: [
{
“index_patterns”: [
"”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“indices:admin/plugins/replication/index/setup/validate”,
“indices:data/read/plugins/replication/changes”,
“indices:data/read/plugins/replication/file_chunk”
]
}
],
“tenant_permissions”: ,
“static”: false
},
“knn_read_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/knn_search_model_action”,
“cluster:admin/knn_get_model_action”,
“cluster:admin/knn_stats_action”
],
“index_permissions”: ,
“tenant_permissions”: ,
“static”: false
},
“security_analytics_read_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opensearch/securityanalytics/alerts/get”,
“cluster:admin/opensearch/securityanalytics/detector/get”,
“cluster:admin/opensearch/securityanalytics/detector/search”,
“cluster:admin/opensearch/securityanalytics/findings/get”,
“cluster:admin/opensearch/securityanalytics/mapping/get”,
“cluster:admin/opensearch/securityanalytics/mapping/view/get”,
“cluster:admin/opensearch/securityanalytics/rule/get”,
“cluster:admin/opensearch/securityanalytics/rule/search”
],
“index_permissions”: ,
“tenant_permissions”: ,
“static”: false
},
“security_analytics_full_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opensearch/securityanalytics/alerts/",
"cluster:admin/opensearch/securityanalytics/detector/”,
“cluster:admin/opensearch/securityanalytics/findings/",
"cluster:admin/opensearch/securityanalytics/mapping/”,
“cluster:admin/opensearch/securityanalytics/rule/"
],
“index_permissions”: [
{
“index_patterns”: [
"”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“indices:admin/mapping/put”,
“indices:admin/mappings/get”
]
}
],
“tenant_permissions”: ,
“static”: false
},
“knn_full_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/knn_training_model_action”,
“cluster:admin/knn_training_job_router_action”,
“cluster:admin/knn_training_job_route_decision_info_action”,
“cluster:admin/knn_warmup_action”,
“cluster:admin/knn_delete_model_action”,
“cluster:admin/knn_remove_model_from_cache_action”,
“cluster:admin/knn_update_model_graveyard_action”,
“cluster:admin/knn_search_model_action”,
“cluster:admin/knn_get_model_action”,
“cluster:admin/knn_stats_action”
],
“index_permissions”: ,
“tenant_permissions”: ,
“static”: false
},
“asynchronous_search_read_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opendistro/asynchronous_search/get”
],
“index_permissions”: ,
“tenant_permissions”: ,
“static”: false
},
“index_management_full_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opendistro/ism/",
"cluster:admin/opendistro/rollup/”,
“cluster:admin/opendistro/transform/",
“cluster:admin/opensearch/notifications/feature/publish”
],
“index_permissions”: [
{
“index_patterns”: [
"”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“indices:admin/opensearch/ism/"
]
}
],
“tenant_permissions”: [],
“static”: false
},
“readall_and_monitor”: {
“reserved”: true,
“hidden”: false,
“description”: “Provide the minimum permissions for to readall indices and monitor the cluster”,
“cluster_permissions”: [
“cluster_monitor”,
“cluster_composite_ops_ro”
],
“index_permissions”: [
{
“index_patterns”: [
"”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“read”
]
}
],
“tenant_permissions”: ,
“static”: true
},
“ml_read_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opensearch/ml/stats/nodes”,
“cluster:admin/opensearch/ml/models/get”,
“cluster:admin/opensearch/ml/models/search”,
“cluster:admin/opensearch/ml/tasks/get”,
“cluster:admin/opensearch/ml/tasks/search”
],
“index_permissions”: ,
“tenant_permissions”: ,
“static”: false
},
“kibana_read_only”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: ,
“index_permissions”: ,
“tenant_permissions”: ,
“static”: false
},
“reports_read_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opendistro/reports/definition/get”,
“cluster:admin/opendistro/reports/definition/list”,
“cluster:admin/opendistro/reports/instance/list”,
“cluster:admin/opendistro/reports/instance/get”,
“cluster:admin/opendistro/reports/menu/download”
],
“index_permissions”: ,
“tenant_permissions”: ,
“static”: false
},
“anomaly_read_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opendistro/ad/detector/info”,
“cluster:admin/opendistro/ad/detector/search”,
“cluster:admin/opendistro/ad/detectors/get”,
“cluster:admin/opendistro/ad/result/search”,
“cluster:admin/opendistro/ad/tasks/search”,
“cluster:admin/opendistro/ad/detector/validate”,
“cluster:admin/opendistro/ad/result/topAnomalies”
],
“index_permissions”: ,
“tenant_permissions”: ,
“static”: false
},
“anomaly_full_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster_monitor”,
“cluster:admin/opendistro/ad/"
],
“index_permissions”: [
{
“index_patterns”: [
"”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“indices_monitor”,
“indices:admin/aliases/get”,
“indices:admin/mappings/get”
]
}
],
“tenant_permissions”: ,
“static”: false
},
“reports_instances_read_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opendistro/reports/instance/list”,
“cluster:admin/opendistro/reports/instance/get”,
“cluster:admin/opendistro/reports/menu/download”
],
“index_permissions”: ,
“tenant_permissions”: ,
“static”: false
},
“snapshot_management_full_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opensearch/snapshot_management/",
“cluster:admin/opensearch/notifications/feature/publish”,
"cluster:admin/repository/”,
“cluster:admin/snapshot/"
],
“index_permissions”: [],
“tenant_permissions”: [],
“static”: false
},
“readall”: {
“reserved”: true,
“hidden”: false,
“description”: “Provide the minimum permissions for to readall indices”,
“cluster_permissions”: [
“cluster_composite_ops_ro”
],
“index_permissions”: [
{
“index_patterns”: [
"”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“read”
]
}
],
“tenant_permissions”: ,
“static”: true
},
“asynchronous_search_full_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opendistro/asynchronous_search/"
],
“index_permissions”: [
{
“index_patterns”: [
"”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“indices:data/read/search*”
]
}
],
“tenant_permissions”: ,
“static”: false
},
“ml_full_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster_monitor”,
“cluster:admin/opensearch/ml/"
],
“index_permissions”: [
{
“index_patterns”: [
"”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“indices_monitor”
]
}
],
“tenant_permissions”: ,
“static”: false
},
“reports_full_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opendistro/reports/definition/create”,
“cluster:admin/opendistro/reports/definition/update”,
“cluster:admin/opendistro/reports/definition/on_demand”,
“cluster:admin/opendistro/reports/definition/delete”,
“cluster:admin/opendistro/reports/definition/get”,
“cluster:admin/opendistro/reports/definition/list”,
“cluster:admin/opendistro/reports/instance/list”,
“cluster:admin/opendistro/reports/instance/get”,
“cluster:admin/opendistro/reports/menu/download”
],
“index_permissions”: ,
“tenant_permissions”: ,
“static”: false
},
“security_rest_api_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: ,
“index_permissions”: ,
“tenant_permissions”: ,
“static”: false
},
“alerting_ack_alerts”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opendistro/alerting/alerts/"
],
“index_permissions”: [],
“tenant_permissions”: [],
“static”: false
},
“kibana_server”: {
“reserved”: true,
“hidden”: false,
“description”: “Provide the minimum permissions for the Kibana server”,
“cluster_permissions”: [
“cluster_monitor”,
“cluster_composite_ops”,
“manage_point_in_time”,
"indices:admin/template”,
“indices:admin/index_template*”,
“indices:data/read/scroll*”
],
“index_permissions”: [
{
“index_patterns”: [
“.kibana”,
“.opensearch_dashboards”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“indices_all”
]
},
{
“index_patterns”: [
“.kibana-6”,
“.opensearch_dashboards-6”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“indices_all”
]
},
{
“index_patterns”: [
“.kibana_",
".opensearch_dashboards_”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“indices_all”
]
},
{
“index_patterns”: [
“.tasks”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“indices_all”
]
},
{
“index_patterns”: [
“.management-beats*”
],
“fls”: ,
“masked_fields”: ,
“allowed_actions”: [
“indices_all”
]
},
{
“index_patterns”: [
“"
],
“fls”: [],
“masked_fields”: [],
“allowed_actions”: [
"indices:admin/aliases”
]
}
],
“tenant_permissions”: ,
“static”: true
},
“notebooks_read_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opendistro/notebooks/list”,
“cluster:admin/opendistro/notebooks/get”
],
“index_permissions”: ,
“tenant_permissions”: ,
“static”: false
},
“notebooks_full_access”: {
“reserved”: true,
“hidden”: false,
“cluster_permissions”: [
“cluster:admin/opendistro/notebooks/create”,
“cluster:admin/opendistro/notebooks/update”,
“cluster:admin/opendistro/notebooks/delete”,
“cluster:admin/opendistro/notebooks/get”,
“cluster:admin/opendistro/notebooks/list”
],
“index_permissions”: ,
“tenant_permissions”: ,
“static”: false
}
}

Regards,
Santosh

Mantas · October 18, 2024, 11:08am

The role does not exist.

You can find the alternative ways to define roles here: Defining users and roles - OpenSearch Documentation

if pasting code or logs, etc. please use Preformatted text (Ctrl+e) or:

Best,
mj

sdas018 · October 18, 2024, 11:33am

@Mantas ,

My bad last time i have deleted the cluster that’s why the role was not their but again i have created the role readonly and assigned permission but still getting 500 Internal server error , please find the attached screen shot.

{
  "security_analytics_ack_alerts" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opensearch/securityanalytics/alerts/*"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "observability_read_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opensearch/observability/get"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "kibana_user" : {
    "reserved" : true,
    "hidden" : false,
    "description" : "Provide the minimum permissions for a kibana user",
    "cluster_permissions" : [
      "cluster_composite_ops"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          ".kibana",
          ".kibana-6",
          ".kibana_*",
          ".opensearch_dashboards",
          ".opensearch_dashboards-6",
          ".opensearch_dashboards_*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "read",
          "delete",
          "manage",
          "index"
        ]
      },
      {
        "index_patterns" : [
          ".tasks",
          ".management-beats",
          "*:.tasks",
          "*:.management-beats"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices_all"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : true
  },
  "own_index" : {
    "reserved" : true,
    "hidden" : false,
    "description" : "Allow all for indices named like the current user",
    "cluster_permissions" : [
      "cluster_composite_ops"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "${user_name}"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices_all"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : true
  },
  "alerting_full_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster_monitor",
      "cluster:admin/opendistro/alerting/*",
      "cluster:admin/opensearch/alerting/*",
      "cluster:admin/opensearch/notifications/feature/publish"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices_monitor",
          "indices:admin/aliases/get",
          "indices:admin/mappings/get"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "snapshot_management_read_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opensearch/snapshot_management/policy/get",
      "cluster:admin/opensearch/snapshot_management/policy/search",
      "cluster:admin/opensearch/snapshot_management/policy/explain",
      "cluster:admin/repository/get",
      "cluster:admin/snapshot/get"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "all_access" : {
    "reserved" : true,
    "hidden" : false,
    "description" : "Allow full access to all indices and all cluster APIs",
    "cluster_permissions" : [
      "*"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "*"
        ]
      }
    ],
    "tenant_permissions" : [
      {
        "tenant_patterns" : [
          "*"
        ],
        "allowed_actions" : [
          "kibana_all_write"
        ]
      }
    ],
    "static" : true
  },
  "alerting_read_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opendistro/alerting/alerts/get",
      "cluster:admin/opendistro/alerting/destination/get",
      "cluster:admin/opendistro/alerting/monitor/get",
      "cluster:admin/opendistro/alerting/monitor/search",
      "cluster:admin/opensearch/alerting/findings/get"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "cross_cluster_replication_follower_full_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/plugins/replication/autofollow/update"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices:admin/plugins/replication/index/setup/validate",
          "indices:data/write/plugins/replication/changes",
          "indices:admin/plugins/replication/index/start",
          "indices:admin/plugins/replication/index/pause",
          "indices:admin/plugins/replication/index/resume",
          "indices:admin/plugins/replication/index/stop",
          "indices:admin/plugins/replication/index/update",
          "indices:admin/plugins/replication/index/status_check"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "manage_snapshots" : {
    "reserved" : true,
    "hidden" : false,
    "description" : "Provide the minimum permissions for managing snapshots",
    "cluster_permissions" : [
      "manage_snapshots"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices:data/write/index",
          "indices:admin/create"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : true
  },
  "logstash" : {
    "reserved" : true,
    "hidden" : false,
    "description" : "Provide the minimum permissions for logstash and beats",
    "cluster_permissions" : [
      "cluster_monitor",
      "cluster_composite_ops",
      "indices:admin/template/get",
      "indices:admin/template/put",
      "cluster:admin/ingest/pipeline/put",
      "cluster:admin/ingest/pipeline/get"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "logstash-*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "crud",
          "create_index"
        ]
      },
      {
        "index_patterns" : [
          "*beat*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "crud",
          "create_index"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : true
  },
  "observability_full_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opensearch/observability/create",
      "cluster:admin/opensearch/observability/update",
      "cluster:admin/opensearch/observability/delete",
      "cluster:admin/opensearch/observability/get"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "point_in_time_full_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [ ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "manage_point_in_time"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "readonly" : {
    "reserved" : false,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster_composite_ops_ro"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "filebeat*",
          ".kibana*"
        ],
        "dls" : "",
        "fls" : [
          "kubernetes.node.name"
        ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "read",
          "search"
        ]
      }
    ],
    "tenant_permissions" : [
      {
        "tenant_patterns" : [
          "global_tenant"
        ],
        "allowed_actions" : [
          "kibana_all_read"
        ]
      }
    ],
    "static" : false
  },
  "notifications_full_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opensearch/notifications/*"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "notifications_read_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opensearch/notifications/configs/get",
      "cluster:admin/opensearch/notifications/features",
      "cluster:admin/opensearch/notifications/channels/get"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "cross_cluster_replication_leader_full_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [ ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices:admin/plugins/replication/index/setup/validate",
          "indices:data/read/plugins/replication/changes",
          "indices:data/read/plugins/replication/file_chunk"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "knn_read_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/knn_search_model_action",
      "cluster:admin/knn_get_model_action",
      "cluster:admin/knn_stats_action"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "security_analytics_read_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opensearch/securityanalytics/alerts/get",
      "cluster:admin/opensearch/securityanalytics/detector/get",
      "cluster:admin/opensearch/securityanalytics/detector/search",
      "cluster:admin/opensearch/securityanalytics/findings/get",
      "cluster:admin/opensearch/securityanalytics/mapping/get",
      "cluster:admin/opensearch/securityanalytics/mapping/view/get",
      "cluster:admin/opensearch/securityanalytics/rule/get",
      "cluster:admin/opensearch/securityanalytics/rule/search"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "security_analytics_full_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opensearch/securityanalytics/alerts/*",
      "cluster:admin/opensearch/securityanalytics/detector/*",
      "cluster:admin/opensearch/securityanalytics/findings/*",
      "cluster:admin/opensearch/securityanalytics/mapping/*",
      "cluster:admin/opensearch/securityanalytics/rule/*"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices:admin/mapping/put",
          "indices:admin/mappings/get"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "knn_full_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/knn_training_model_action",
      "cluster:admin/knn_training_job_router_action",
      "cluster:admin/knn_training_job_route_decision_info_action",
      "cluster:admin/knn_warmup_action",
      "cluster:admin/knn_delete_model_action",
      "cluster:admin/knn_remove_model_from_cache_action",
      "cluster:admin/knn_update_model_graveyard_action",
      "cluster:admin/knn_search_model_action",
      "cluster:admin/knn_get_model_action",
      "cluster:admin/knn_stats_action"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "asynchronous_search_read_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opendistro/asynchronous_search/get"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "index_management_full_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opendistro/ism/*",
      "cluster:admin/opendistro/rollup/*",
      "cluster:admin/opendistro/transform/*",
      "cluster:admin/opensearch/notifications/feature/publish"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices:admin/opensearch/ism/*"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "readall_and_monitor" : {
    "reserved" : true,
    "hidden" : false,
    "description" : "Provide the minimum permissions for to readall indices and monitor the cluster",
    "cluster_permissions" : [
      "cluster_monitor",
      "cluster_composite_ops_ro"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "read"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : true
  },
  "ml_read_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opensearch/ml/stats/nodes",
      "cluster:admin/opensearch/ml/models/get",
      "cluster:admin/opensearch/ml/models/search",
      "cluster:admin/opensearch/ml/tasks/get",
      "cluster:admin/opensearch/ml/tasks/search"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "kibana_read_only" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [ ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "reports_read_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opendistro/reports/definition/get",
      "cluster:admin/opendistro/reports/definition/list",
      "cluster:admin/opendistro/reports/instance/list",
      "cluster:admin/opendistro/reports/instance/get",
      "cluster:admin/opendistro/reports/menu/download"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "anomaly_read_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opendistro/ad/detector/info",
      "cluster:admin/opendistro/ad/detector/search",
      "cluster:admin/opendistro/ad/detectors/get",
      "cluster:admin/opendistro/ad/result/search",
      "cluster:admin/opendistro/ad/tasks/search",
      "cluster:admin/opendistro/ad/detector/validate",
      "cluster:admin/opendistro/ad/result/topAnomalies"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "anomaly_full_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster_monitor",
      "cluster:admin/opendistro/ad/*"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices_monitor",
          "indices:admin/aliases/get",
          "indices:admin/mappings/get"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "reports_instances_read_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opendistro/reports/instance/list",
      "cluster:admin/opendistro/reports/instance/get",
      "cluster:admin/opendistro/reports/menu/download"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "snapshot_management_full_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opensearch/snapshot_management/*",
      "cluster:admin/opensearch/notifications/feature/publish",
      "cluster:admin/repository/*",
      "cluster:admin/snapshot/*"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "readall" : {
    "reserved" : true,
    "hidden" : false,
    "description" : "Provide the minimum permissions for to readall indices",
    "cluster_permissions" : [
      "cluster_composite_ops_ro"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "read"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : true
  },
  "asynchronous_search_full_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opendistro/asynchronous_search/*"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices:data/read/search*"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "ml_full_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster_monitor",
      "cluster:admin/opensearch/ml/*"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices_monitor"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "reports_full_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opendistro/reports/definition/create",
      "cluster:admin/opendistro/reports/definition/update",
      "cluster:admin/opendistro/reports/definition/on_demand",
      "cluster:admin/opendistro/reports/definition/delete",
      "cluster:admin/opendistro/reports/definition/get",
      "cluster:admin/opendistro/reports/definition/list",
      "cluster:admin/opendistro/reports/instance/list",
      "cluster:admin/opendistro/reports/instance/get",
      "cluster:admin/opendistro/reports/menu/download"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "security_rest_api_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [ ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "alerting_ack_alerts" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opendistro/alerting/alerts/*"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "kibana_server" : {
    "reserved" : true,
    "hidden" : false,
    "description" : "Provide the minimum permissions for the Kibana server",
    "cluster_permissions" : [
      "cluster_monitor",
      "cluster_composite_ops",
      "manage_point_in_time",
      "indices:admin/template*",
      "indices:admin/index_template*",
      "indices:data/read/scroll*"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          ".kibana",
          ".opensearch_dashboards"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices_all"
        ]
      },
      {
        "index_patterns" : [
          ".kibana-6",
          ".opensearch_dashboards-6"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices_all"
        ]
      },
      {
        "index_patterns" : [
          ".kibana_*",
          ".opensearch_dashboards_*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices_all"
        ]
      },
      {
        "index_patterns" : [
          ".tasks"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices_all"
        ]
      },
      {
        "index_patterns" : [
          ".management-beats*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices_all"
        ]
      },
      {
        "index_patterns" : [
          "*"
        ],
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices:admin/aliases*"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : true
  },
  "notebooks_read_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opendistro/notebooks/list",
      "cluster:admin/opendistro/notebooks/get"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  },
  "notebooks_full_access" : {
    "reserved" : true,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster:admin/opendistro/notebooks/create",
      "cluster:admin/opendistro/notebooks/update",
      "cluster:admin/opendistro/notebooks/delete",
      "cluster:admin/opendistro/notebooks/get",
      "cluster:admin/opendistro/notebooks/list"
    ],
    "index_permissions" : [ ],
    "tenant_permissions" : [ ],
    "static" : false
  }
}

sdas018 · October 18, 2024, 11:39am

@Mantas I have updated index permission also but still no luck.

Mantas · October 18, 2024, 1:52pm

@sdas018, any errors in your OpenSearch nodes to give some more clues?

But I think what is happening here is that you are applying FLS to .kibana* index pattern that breaks it.

So I would say get the .kibana* out of “index_patterns” and make sure the user has a role called kibana_user also.

or something like:
(just a sample - review if planning to use)

{
  "readonly": {
    "reserved": false,
    "hidden": false,
    "cluster_permissions": [
      "cluster_composite_ops_ro"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "filebeat*"
        ],
        "fls": [
          "kubernetes.node.name"
        ],
        "masked_fields": [],
        "allowed_actions": [
          "read",
          "search"
        ]
      },
      {
        "index_patterns": [
          ".kibana*"
        ],
        "allowed_actions": [
          "read",
          "search"
        ]
      }
    ]
  }
}

Best,
mj

sdas018 · October 22, 2024, 6:13am

Hello @Mantas ,

I have removed .kibana index* this time and kept the attached role as you suggested refer snip1 , now it allows me to login but unable to see my filebeat index refer snip2.

{
  "security_analytics_ack_alerts": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opensearch/securityanalytics/alerts/*"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "observability_read_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opensearch/observability/get"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "kibana_user": {
    "reserved": true,
    "hidden": false,
    "description": "Provide the minimum permissions for a kibana user",
    "cluster_permissions": [
      "cluster_composite_ops"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          ".kibana",
          ".kibana-6",
          ".kibana_*",
          ".opensearch_dashboards",
          ".opensearch_dashboards-6",
          ".opensearch_dashboards_*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "read",
          "delete",
          "manage",
          "index"
        ]
      },
      {
        "index_patterns": [
          ".tasks",
          ".management-beats",
          "*:.tasks",
          "*:.management-beats"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices_all"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": true
  },
  "own_index": {
    "reserved": true,
    "hidden": false,
    "description": "Allow all for indices named like the current user",
    "cluster_permissions": [
      "cluster_composite_ops"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "${user_name}"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices_all"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": true
  },
  "alerting_full_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster_monitor",
      "cluster:admin/opendistro/alerting/*",
      "cluster:admin/opensearch/alerting/*",
      "cluster:admin/opensearch/notifications/feature/publish"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices_monitor",
          "indices:admin/aliases/get",
          "indices:admin/mappings/get"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": false
  },
  "snapshot_management_read_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opensearch/snapshot_management/policy/get",
      "cluster:admin/opensearch/snapshot_management/policy/search",
      "cluster:admin/opensearch/snapshot_management/policy/explain",
      "cluster:admin/repository/get",
      "cluster:admin/snapshot/get"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "all_access": {
    "reserved": true,
    "hidden": false,
    "description": "Allow full access to all indices and all cluster APIs",
    "cluster_permissions": [
      "*"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "*"
        ]
      }
    ],
    "tenant_permissions": [
      {
        "tenant_patterns": [
          "*"
        ],
        "allowed_actions": [
          "kibana_all_write"
        ]
      }
    ],
    "static": true
  },
  "alerting_read_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opendistro/alerting/alerts/get",
      "cluster:admin/opendistro/alerting/destination/get",
      "cluster:admin/opendistro/alerting/monitor/get",
      "cluster:admin/opendistro/alerting/monitor/search",
      "cluster:admin/opensearch/alerting/findings/get"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "cross_cluster_replication_follower_full_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/plugins/replication/autofollow/update"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices:admin/plugins/replication/index/setup/validate",
          "indices:data/write/plugins/replication/changes",
          "indices:admin/plugins/replication/index/start",
          "indices:admin/plugins/replication/index/pause",
          "indices:admin/plugins/replication/index/resume",
          "indices:admin/plugins/replication/index/stop",
          "indices:admin/plugins/replication/index/update",
          "indices:admin/plugins/replication/index/status_check"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": false
  },
  "manage_snapshots": {
    "reserved": true,
    "hidden": false,
    "description": "Provide the minimum permissions for managing snapshots",
    "cluster_permissions": [
      "manage_snapshots"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices:data/write/index",
          "indices:admin/create"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": true
  },
  "logstash": {
    "reserved": true,
    "hidden": false,
    "description": "Provide the minimum permissions for logstash and beats",
    "cluster_permissions": [
      "cluster_monitor",
      "cluster_composite_ops",
      "indices:admin/template/get",
      "indices:admin/template/put",
      "cluster:admin/ingest/pipeline/put",
      "cluster:admin/ingest/pipeline/get"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "logstash-*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "crud",
          "create_index"
        ]
      },
      {
        "index_patterns": [
          "*beat*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "crud",
          "create_index"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": true
  },
  "observability_full_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opensearch/observability/create",
      "cluster:admin/opensearch/observability/update",
      "cluster:admin/opensearch/observability/delete",
      "cluster:admin/opensearch/observability/get"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "point_in_time_full_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [],
    "index_permissions": [
      {
        "index_patterns": [
          "*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "manage_point_in_time"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": false
  },
  "readonly": {
    "reserved": false,
    "hidden": false,
    "cluster_permissions": [
      "cluster_composite_ops_ro"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "filebeat*"
        ],
        "dls": "",
        "fls": [
          "kubernetes.node.name"
        ],
        "masked_fields": [],
        "allowed_actions": [
          "read",
          "search"
        ]
      }
    ],
    "tenant_permissions": [
      {
        "tenant_patterns": [
          "global_tenant"
        ],
        "allowed_actions": [
          "kibana_all_write"
        ]
      }
    ],
    "static": false
  },
  "notifications_full_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opensearch/notifications/*"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "notifications_read_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opensearch/notifications/configs/get",
      "cluster:admin/opensearch/notifications/features",
      "cluster:admin/opensearch/notifications/channels/get"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "cross_cluster_replication_leader_full_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [],
    "index_permissions": [
      {
        "index_patterns": [
          "*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices:admin/plugins/replication/index/setup/validate",
          "indices:data/read/plugins/replication/changes",
          "indices:data/read/plugins/replication/file_chunk"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": false
  },
  "knn_read_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/knn_search_model_action",
      "cluster:admin/knn_get_model_action",
      "cluster:admin/knn_stats_action"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "security_analytics_read_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opensearch/securityanalytics/alerts/get",
      "cluster:admin/opensearch/securityanalytics/detector/get",
      "cluster:admin/opensearch/securityanalytics/detector/search",
      "cluster:admin/opensearch/securityanalytics/findings/get",
      "cluster:admin/opensearch/securityanalytics/mapping/get",
      "cluster:admin/opensearch/securityanalytics/mapping/view/get",
      "cluster:admin/opensearch/securityanalytics/rule/get",
      "cluster:admin/opensearch/securityanalytics/rule/search"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "security_analytics_full_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opensearch/securityanalytics/alerts/*",
      "cluster:admin/opensearch/securityanalytics/detector/*",
      "cluster:admin/opensearch/securityanalytics/findings/*",
      "cluster:admin/opensearch/securityanalytics/mapping/*",
      "cluster:admin/opensearch/securityanalytics/rule/*"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices:admin/mapping/put",
          "indices:admin/mappings/get"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": false
  },
  "knn_full_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/knn_training_model_action",
      "cluster:admin/knn_training_job_router_action",
      "cluster:admin/knn_training_job_route_decision_info_action",
      "cluster:admin/knn_warmup_action",
      "cluster:admin/knn_delete_model_action",
      "cluster:admin/knn_remove_model_from_cache_action",
      "cluster:admin/knn_update_model_graveyard_action",
      "cluster:admin/knn_search_model_action",
      "cluster:admin/knn_get_model_action",
      "cluster:admin/knn_stats_action"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "asynchronous_search_read_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opendistro/asynchronous_search/get"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "index_management_full_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opendistro/ism/*",
      "cluster:admin/opendistro/rollup/*",
      "cluster:admin/opendistro/transform/*",
      "cluster:admin/opensearch/notifications/feature/publish"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices:admin/opensearch/ism/*"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": false
  },
  "readall_and_monitor": {
    "reserved": true,
    "hidden": false,
    "description": "Provide the minimum permissions for to readall indices and monitor the cluster",
    "cluster_permissions": [
      "cluster_monitor",
      "cluster_composite_ops_ro"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "read"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": true
  },
  "ml_read_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opensearch/ml/stats/nodes",
      "cluster:admin/opensearch/ml/models/get",
      "cluster:admin/opensearch/ml/models/search",
      "cluster:admin/opensearch/ml/tasks/get",
      "cluster:admin/opensearch/ml/tasks/search"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "kibana_read_only": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "reports_read_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opendistro/reports/definition/get",
      "cluster:admin/opendistro/reports/definition/list",
      "cluster:admin/opendistro/reports/instance/list",
      "cluster:admin/opendistro/reports/instance/get",
      "cluster:admin/opendistro/reports/menu/download"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "anomaly_read_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opendistro/ad/detector/info",
      "cluster:admin/opendistro/ad/detector/search",
      "cluster:admin/opendistro/ad/detectors/get",
      "cluster:admin/opendistro/ad/result/search",
      "cluster:admin/opendistro/ad/tasks/search",
      "cluster:admin/opendistro/ad/detector/validate",
      "cluster:admin/opendistro/ad/result/topAnomalies"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "anomaly_full_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster_monitor",
      "cluster:admin/opendistro/ad/*"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices_monitor",
          "indices:admin/aliases/get",
          "indices:admin/mappings/get"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": false
  },
  "reports_instances_read_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opendistro/reports/instance/list",
      "cluster:admin/opendistro/reports/instance/get",
      "cluster:admin/opendistro/reports/menu/download"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "snapshot_management_full_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opensearch/snapshot_management/*",
      "cluster:admin/opensearch/notifications/feature/publish",
      "cluster:admin/repository/*",
      "cluster:admin/snapshot/*"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "readall": {
    "reserved": true,
    "hidden": false,
    "description": "Provide the minimum permissions for to readall indices",
    "cluster_permissions": [
      "cluster_composite_ops_ro"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "read"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": true
  },
  "asynchronous_search_full_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opendistro/asynchronous_search/*"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices:data/read/search*"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": false
  },
  "ml_full_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster_monitor",
      "cluster:admin/opensearch/ml/*"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices_monitor"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": false
  },
  "reports_full_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opendistro/reports/definition/create",
      "cluster:admin/opendistro/reports/definition/update",
      "cluster:admin/opendistro/reports/definition/on_demand",
      "cluster:admin/opendistro/reports/definition/delete",
      "cluster:admin/opendistro/reports/definition/get",
      "cluster:admin/opendistro/reports/definition/list",
      "cluster:admin/opendistro/reports/instance/list",
      "cluster:admin/opendistro/reports/instance/get",
      "cluster:admin/opendistro/reports/menu/download"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "security_rest_api_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "alerting_ack_alerts": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opendistro/alerting/alerts/*"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "kibana_server": {
    "reserved": true,
    "hidden": false,
    "description": "Provide the minimum permissions for the Kibana server",
    "cluster_permissions": [
      "cluster_monitor",
      "cluster_composite_ops",
      "manage_point_in_time",
      "indices:admin/template*",
      "indices:admin/index_template*",
      "indices:data/read/scroll*"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          ".kibana",
          ".opensearch_dashboards"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices_all"
        ]
      },
      {
        "index_patterns": [
          ".kibana-6",
          ".opensearch_dashboards-6"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices_all"
        ]
      },
      {
        "index_patterns": [
          ".kibana_*",
          ".opensearch_dashboards_*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices_all"
        ]
      },
      {
        "index_patterns": [
          ".tasks"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices_all"
        ]
      },
      {
        "index_patterns": [
          ".management-beats*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices_all"
        ]
      },
      {
        "index_patterns": [
          "*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices:admin/aliases*"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": true
  },
  "notebooks_read_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opendistro/notebooks/list",
      "cluster:admin/opendistro/notebooks/get"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  },
  "notebooks_full_access": {
    "reserved": true,
    "hidden": false,
    "cluster_permissions": [
      "cluster:admin/opendistro/notebooks/create",
      "cluster:admin/opendistro/notebooks/update",
      "cluster:admin/opendistro/notebooks/delete",
      "cluster:admin/opendistro/notebooks/get",
      "cluster:admin/opendistro/notebooks/list"
    ],
    "index_permissions": [],
    "tenant_permissions": [],
    "static": false
  }
}

Mantas · October 22, 2024, 12:07pm

@sdas018, could you share the output of:

GET _cat/indices/filebeat*

best,
mj

sdas018 · October 22, 2024, 12:35pm

Hello @Mantas ,

Please find the details

health status index           uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   filebeat-000011 IHV4NclXQPirDs56EfXzow   2   1    1306704            0    195.6mb        195.6mb
green  open   filebeat-000010 U-h_-3ytTVCmuwTIi56qmg   2   1   84818000            0     21.5gb         10.7gb

Mantas · October 22, 2024, 12:44pm

@sdas018, can you test without FLS, if the behaviour is the same?

best,
mj

sdas018 · October 23, 2024, 6:00am

@Mantas ,

Yes it works with out adding FLS, now i have created a tenant and added only index pattern filebeat* and i am able to see logs but when i add FLS it didn’t works.
“fls”: [
“kubernetes.node.name”

Mantas · October 23, 2024, 10:47am

@sdas018, could you share a sample of a _doc in your index ( filebeat*).
Am I correct to assume that you want a user with the role readonly only to see "kubernetes.node.name" field?

thanks,
mj

sdas018 · October 23, 2024, 11:03am

@Mantas ,

I wanted to create a user readonly to see logs from filebeat* index with “kubernetes.node.name” field as encrypted.

Mantas · October 23, 2024, 11:49am

In this case, you need field masking or exclude FLS with (~) please see more below:

best,
mj

Topic		Replies	Views
Opensearch dashboards throwing internal several error after 2 hours in login Security troubleshoot	3	618	October 21, 2022
Multiple exceptions related to plugins.security Security	1	530	April 30, 2024
Curl to dashboard pod gives {"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred."} with centos image OpenSearch Dashboards install	7	2297	March 28, 2023
"Internal Server Error" for unauthorized users OpenSearch Dashboards	7	177	August 1, 2024
Internal user not able to perform operations based on internal role Security troubleshoot , configure	10	1322	June 21, 2022

{ "statusCode": 500, "error": "Internal Server Error", "message": "An internal server error occurred." }

dashboard logs

but i got response for the below

Related topics