
A user building a visualization in AWS OpenSearch doesn't have the ability to save the visualization.

When attempting to save the visualization:

  {statusCode:403, error:'Forbidden'
  message : "no permissions for [indices:data/write/bulk] and User [name='someuser', 
     backend_roles=[], requestedTenant='MyTenant']: security_exception"
  }

We've created a custom role, mapped the user to the role, and granted the role both

  indices:data/write/bulk
  indices:data/write/bulk*

These index permissions are granted to both the query's target index pattern and to the '*' index pattern. We've also verified that when the user is logged in, the role appears in the user's profile's "Roles and Identities".

What should I try next?

gbegley
  • Same issue here. Querying on WebUI works, querying via CLI/API does not, because idk what parameter to provide to assume a role – alanjds Aug 09 '23 at 14:18
  • @alanjds When querying via curl, I've always used curl with the "-u USER:PASS" option. E.g. curl -s -u "$ESAUTH" -X POST -d "$ESBODY" -H "Content-Type: application/json" "$ESURL"/SOME_INDEX_PATTERN-*/_search?size=1 Where $ESAUTH=myuser:mypassword, thereby granting the request permissions given to "myuser". – gbegley Aug 24 '23 at 02:54

0 Answers