0

I want to provide a user, e.g. an analyst, with a set of permissions that will allow him to:

  1. read index
  2. build dashboard around it
  3. save dashboard

The first two activities are easily covered by the permissions I found (using `cluster_composite_ops_ro` and `indices:data/read/*`); however, I'm still unable to define the exact permissions to allow saving the dashboard. Could you please advise?

I tested all indices:data/write/* permissions, kibana_all_write cluster permissions and write action permission to no avail.

2 Answers

3

I used the dashboards role that comes out of the box with the following permissions:

cluster permissions: cluster_monitor
index pattern: *
permissions: index, read
index pattern: .kibana*
permissions: write

The role had to be assigned to global_tenant and that did the trick.

  • Adding these just worked for me as well! Do you know which one of those exactly allows the user to save a dashboard? – Sam Mar 10 '23 at 18:04
  • Hi Sam, I only worked with generic "write" permission and it consists of multiple ones at the cluster/index level so I'm not able to tell you exactly which standalone permission it is – Filip Piotrowski Apr 03 '23 at 14:53
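
The role from this answer, written as a Security plugin `roles.yml` entry and narrowed so the analyst cannot write to data indices. This is an added example, not part of the original answer; the role name `analyst_dashboards` and the pattern `analytics-*` are hypothetical, and mapping "assigned to global_tenant" to a tenant write permission is an assumption.

```yaml
# Added example for the Security plugin's roles.yml (constructed, not from the thread).
# "analyst_dashboards" and "analytics-*" are hypothetical names.
analyst_dashboards:
  reserved: false
  cluster_permissions:
    - "cluster_composite_ops_ro"   # from the question: multi-search and multi-get requests
    - "cluster_monitor"            # from the answer
  index_permissions:
    # Data the analyst queries: read only, limited to the indices that are needed.
    # The answer's role used pattern "*" with "index" and "read", which also
    # lets the user write documents into every index.
    - index_patterns:
        - "analytics-*"
      allowed_actions:
        - "read"
    # Saved objects (dashboards, visualizations) are stored in the .kibana* indices.
    # "read" is listed explicitly because the data pattern above no longer covers them.
    - index_patterns:
        - ".kibana*"
      allowed_actions:
        - "read"
        - "write"
  tenant_permissions:
    # Assumption: "assigned to global_tenant" in the answer means write access to that tenant.
    - tenant_patterns:
        - "global_tenant"
      allowed_actions:
        - "kibana_all_write"
```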
0

There is a predefined role that you can consider: `opensearch_dashboards_user`. https://opensearch.org/docs/1.2/security-plugin/access-control/users-roles/#predefined-roles

glenacota
  • I saw this in the documentation; however, there is no `opensearch_dashboards_user` in my roles list. I checked it on my production cluster 2.3.0 as well as a brand new 2.5.0 sandbox. I have most of the predefined roles there but this one is missing – Filip Piotrowski Mar 02 '23 at 09:27