Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
v 2.18.0
opensearch-operator 2.7.0
Describe the issue:
I am trying to restrict user access to different tenants and index patterns.
I copied the roles configuration from a different OpenSearch installation (version 2.6.0) where everything works as expected.
My issue is that when I log in as a user from the opensearch_infra group, I can still see indices and other tenants. I want to disable this behavior.
Configuration:
In the roles.yml I have:
opensearch_infra:
  cluster_permissions:
    - cluster_composite_ops
    - indices_monitor
  index_permissions:
    - allowed_actions:
        - data_access
      index_patterns:
        - 'infra-*'
  reserved: true
  tenant_permissions:
    - allowed_actions:
        - kibana_all_write
      tenant_patterns:
        - infra
In the opensearch.yaml I have:
dashboards:
  additionalConfig:
    opensearch_security.multitenancy.enabled: "true"
    opensearch_security.multitenancy.tenants.enable_global: "false"
    opensearch_security.multitenancy.tenants.enable_private: "false"
In the roles_mapping.yml I have:
opensearch_infra:
  backend_roles:
    - opensearch_infra
    - kibanauser
  reserved: true
All of these configs are passed as a template: data: to the opensearch-securityconfig-secret.
I can see the role opensearch_infra in the OpenSearch Dashboard, and the permissions look good to me (screenshot attached).
Do I need to perform any additional configuration?
Relevant Logs or Screenshots: