Users can't update index patterns

bailu · June 13, 2025, 9:09am

With OpenSearch and Dashboards 3.0.0
updating Index Pattern for a user in Dashboards does not work.

There is no error message but in the browser dev console it shows that…

PUT https://server-name/opensearch/api/saved_objects/index-pattern/6953c7a0-983d-11ef-8eac-f91959ff5b85 500 (Internal Server Error)

And in the Server logs it shows that…

org.opensearch.OpenSearchSecurityException: Update is not supported when FLS or DLS or Fieldmasking is activated...

But getting a list of all roles with GET _plugins/_security/api/roles reveals that no role has FLS, DLS or fieldmasking activated.

Updating index patterns works only for the admin user.

I fail to see what is blocking updating of index patterns for normal users. Any hints are appreciated.

pablo · June 13, 2025, 9:38am

@bailu Could you share authinfo of the reported user?

bailu · June 13, 2025, 11:01am

GET _plugins/_security/authinfo

{
  "user": "User [name=test_user, backend_roles=[], requestedTenant=__user__]",
  "user_name": "test_user",
  "user_requested_tenant": "__user__",
  "remote_address": "10.85.0.15:49168",
  "backend_roles": [
    ""
  ],
  "custom_attribute_names": [],
  "roles": [
    "own_index",
    "test_role"
  ],
  "tenants": {
    "test_user": true
  },
  "principal": null,
  "peer_certificates": "0",
  "sso_logout_url": null
}

GET _plugins/_security/api/roles/test_role

{
  "test_role": {
    "reserved": false,
    "hidden": false,
    "cluster_permissions": [
      "cluster_composite_ops_ro"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "test-*"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "search",
          "read"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": false
  }
}

GET _plugins/_security/api/roles/own_index

{
  "own_index": {
    "reserved": true,
    "hidden": false,
    "description": "Allow all for indices named like the current user",
    "cluster_permissions": [
      "cluster_composite_ops"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "${user_name}"
        ],
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "indices_all"
        ]
      }
    ],
    "tenant_permissions": [],
    "static": true
  }
}

pablo · June 13, 2025, 4:41pm

@bailu I’ve tested your user and roles settings. I’ve reproduced the reported 500 error.
I workaround it by adding get permission to .kibana indices

{
  "testrole" : {
    "reserved" : false,
    "hidden" : false,
    "cluster_permissions" : [
      "cluster_composite_ops_ro"
    ],
    "index_permissions" : [
      {
        "index_patterns" : [
          "test-*"
        ],
        "dls" : "",
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "indices_all"
        ]
      },
      {
        "index_patterns" : [
          ".kibana*"
        ],
        "dls" : "",
        "fls" : [ ],
        "masked_fields" : [ ],
        "allowed_actions" : [
          "get"
        ]
      }
    ],
    "tenant_permissions" : [ ],
    "static" : false
  }
}

Below is my working update

 curl --insecure -u pablo:Eliatra123 -H "osd-sxrf:true" -H "securitytenant: private" https://docker4.pablo.local:5601/api/saved_objects/_find?type=index-pattern|jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1045  100  1045    0     0  49816      0 --:--:-- --:--:-- --:--:-- 52250
{
  "page": 1,
  "per_page": 20,
  "total": 1,
  "saved_objects": [
    {
      "type": "index-pattern",
      "id": "e3f98ea0-4872-11f0-8a07-97cbb95021c9",
      "attributes": {
        "title": "test*",
        "fields": "[{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false}]"
      },
      "references": [],
      "migrationVersion": {
        "index-pattern": "7.6.0"
      },
      "updated_at": "2025-06-13T16:24:33.674Z",
      "version": "WzEsMV0=",
      "namespaces": [
        "default"
      ],
      "score": 0
    }
  ]
}

curl -X PUT "https://docker4.pablo.local:5601/api/saved_objects/index-pattern/e3f98ea0-4872-11f0-8a07-97cbb95021c9" \
  -H "osd-xsrf: true" \
  -H "Content-Type: application/json" \
  -H "securitytenant: private" \
  -u pablo:Eliatra123 \
  -d '{
    "attributes": {
      "title": "index-pattern-name-*",
      "timeFieldName": "@timestamp"
    }
  }' -k
{"id":"e3f98ea0-4872-11f0-8a07-97cbb95021c9","type":"index-pattern","updated_at":"2025-06-13T16:30:47.274Z","version":"WzQsMV0=","namespaces":["default"],"attributes":{"title":"index-pattern-name-*","timeFieldName":"@timestamp"}}

curl --insecure -u pablo:Eliatra123 -H "osd-sxrf:true" -H "securitytenant: private" https://docker4.pablo.local:5601/api/saved_objects/_find?type=index-pattern|jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1089  100  1089    0     0  50342      0 --:--:-- --:--:-- --:--:-- 51857
{
  "page": 1,
  "per_page": 20,
  "total": 1,
  "saved_objects": [
    {
      "type": "index-pattern",
      "id": "e3f98ea0-4872-11f0-8a07-97cbb95021c9",
      "attributes": {
        "title": "index-pattern-name-*",
        "fields": "[{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false}]",
        "timeFieldName": "@timestamp"
      },
      "references": [],
      "migrationVersion": {
        "index-pattern": "7.6.0"
      },
      "updated_at": "2025-06-13T16:30:47.274Z",
      "version": "WzQsMV0=",
      "namespaces": [
        "default"
      ],
      "score": 0
    }
  ]
}

Topic		Replies	Views
On applying DLS in role configuraiton, not able to see index pattern and dashboard details Security troubleshoot	8	97	July 12, 2024
Weird error when trying to update index pattern Security	3	640	February 2, 2024
Opensearch role creation for user with few index pattern permission only Security troubleshoot , index-management	12	132	January 15, 2025
Read only user not being able to update UI settings (api/opensearch-dashboards/settings) OpenSearch	7	68	January 23, 2025
Roles and permissions - view dashboards Security	8	768	June 4, 2024

Users can't update index patterns

Related topics