Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): 2.8.0 , use latest Firefox/chrome
Describe the issue:
I have OS cluster ( 3 nodes) with multiple tenants , users have full admin over their tenant.
Users get error saving CSV on their tenant.
"Error generating report.Insufficient permissions. Reach out to your OpenSearch Dashboards administrator."
Configuration:
For each tenant , I have two role bindings :
RoleMapping1:
cluster permissions
indices:admin/create
indices_all
cluster:admin/opensearch/observability/get
index_permissions
indices_all
indices:admin/create
tenants: tenant1(RW) , global_tenant(RW)
RoleMapping2:
reports_full_access_tenant1. Permissions copied from standard role “reports_full_access” .
tenants: tenant1(RW) , global_tenant(RW)
Relevant Logs or Screenshots:
Corresponding error on open search node
[2023-07-05T15:59:40,121][WARN ][o.o.r.a.PluginBaseAction ] [xxxxxxxxxxxxxx] reports:OpenSearchStatusException: message:no permissions for [indices:admin/create] and User [name=CN=xxxxxxx,OU=Person,OU=Users,OU=xxxxxxxxxxxxxx,OU=Cxxxxxxxxxxxx,OU=xxxxxxxxxxxxx OUs,OU=xxxxxxxxxxx,DC=xx,DC=xxxxxx,DC=xxxxx, backend_roles=[xxxxx,yyyyy,zzzzz], requestedTenant=zzzzz]