Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OpenSearch 2.17 on AWS
Describe the issue:
After the update of Opensearch on AWS from 2.11 to 2.17, during search I meet an error for one index:
no permissions for [indices:data/read/msearch] and User [name=xxx, backend_roles=, requestedTenant=null]"}]
I didn’t find the permission indices:data/read/msearch in configuration of role. The reindexation did’t resolve the problem, and it only exists for one index. How to correct it?
The reason this is the case, is because its a Multi-Search action which means its composed of individual search actions. From a security perspective, all individual search actions are authorized individually. By having indices:data/read/msearch as a cluster permission, essentially it gives a cluster operator the ability to say: This user can perform msearch, but another user cannot. If a user can perform msearch, then it moves on to authorizing the individual search actions.