You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
In the Dev Tools Console, a User with restricted indices permissions will not get autocomplete.
I created a new Opensearch and Opensearch Dashboards instance, used the admin user to create 3 indices: abc, abc_123 and def.
I created a new role named my_role and granted it no cluster permissions, but with index permissions indices_all to index pattern ["abc*"].
I created a new user named dev and assigned it to the role my_role.
Expected behavior
Autocomplete should appear for abc, abc_123 but not for def.
Actual behavior
I get no autocomplete at all.
OpenSearch Version
2.11.1
Dashboards Version
2.11.1
Plugins
Nil
Screenshots
Configured permissions for the role my_role.
Logs show that the dev user is trying to get mapping for all indices (*)
Host/Environment (please complete the following information):
OS: Opensearch and Opensearch-Dashboards docker images in a Windows Host running Docker Desktop
Browser and version Chrome version 122.0.6261.71
Additional context
If I replace abc* with just *, autocomplete works. If I put every single index from _cat/indices into that list, it works. If I remove def, autocomplete no longer works.
From my preliminary investigation, the autocomplete is derived from doing a GET _mappings API call, which returns the mappings for all indices. This API call returns 403 as long as the user does not have indices:admin/mappings/get for a single index.
I'm not sure if this should be fixed by Opensearch or Opensearch-Dashboards.
The text was updated successfully, but these errors were encountered:
Describe the bug
In the Dev Tools Console, a User with restricted indices permissions will not get autocomplete.
I created a new Opensearch and Opensearch Dashboards instance, used the admin user to create 3 indices:
abc
,abc_123
anddef
.I created a new role named
my_role
and granted it no cluster permissions, but with index permissionsindices_all
to index pattern ["abc*"].I created a new user named
dev
and assigned it to the rolemy_role
.Expected behavior
Autocomplete should appear for
abc
,abc_123
but not fordef
.Actual behavior
I get no autocomplete at all.
OpenSearch Version
2.11.1
Dashboards Version
2.11.1
Plugins
Nil
Screenshots
Configured permissions for the role
my_role
.Logs show that the
dev
user is trying to get mapping for all indices (*)Host/Environment (please complete the following information):
Additional context
If I replace
abc*
with just*
, autocomplete works. If I put every single index from_cat/indices
into that list, it works. If I removedef
, autocomplete no longer works.From my preliminary investigation, the autocomplete is derived from doing a
GET _mappings
API call, which returns the mappings for all indices. This API call returns 403 as long as the user does not haveindices:admin/mappings/get
for a single index.I'm not sure if this should be fixed by Opensearch or Opensearch-Dashboards.
The text was updated successfully, but these errors were encountered: