Not able to see any data in discover tab when configuring index level permissions in Opensearch Dashboard

Question

I have configured my Opensearch with some indices and able to see the logs in Discover tab using admin user. Now, the next step is to provide index level permissions to each user.

Current Configuration: I have created one role with full cluster level access and also read+write on Global tenant (where I initially created the index). For index permission, I have provided my index name "myefk*". This role has been attached to one user "user1".

Expected Result: I was expecting to see all the logs in discover tab for myefk index when logged in with user1.

Actual Result: The discover tab is empty, It is not showing anything. However, by using Dev tools, I can search for the logs in this specific index and able to get the result.

So Now, I am confused if my configuration is actually correct or any other permission is required. Is it really possible to see the logs in discover tab when working with index level permissions.

Answer 1

For this to achieve, we would need to create a tenant and a role with the below permissions: Cluster permissions: cluster_composite_ops Index permissions: unlimited map this role the newly created tenant with read and write access Map the user role to the backend role

and finally map the user to opensearch_dashboards_user role as well..

for any further info. you can look at in to this: https://forum.opensearch.org/t/creating-role-for-having-complete-access-to-only-specified-indices/9945