Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DOC] Enhance documentation to provide clarity for some index level permissions used as cluster level permissions #621

Closed
donjude opened this issue May 31, 2022 · 5 comments · Fixed by #7161
Closed

[DOC] Enhance documentation to provide clarity for some index level permissions used as cluster level permissions #621

donjude opened this issue May 31, 2022 · 5 comments · Fixed by #7161
Assignees
@AntonEliatra
Labels
3 - Done Issue is done/complete security

Comments

@donjude
Copy link

donjude commented May 31, 2022

Is your feature request related to a problem?

Can the documentation https://opensearch.org/docs/latest/security-plugin/access-control/permissions be enhanced to provide clarity for some index level permissions that are supposed to be applied as cluster level permissions to grant users the right access.

Example of such permissions are seen below however, they have been classified only as index level permissions:

Cluster Permissions:
indices:data/write/bulk*
indices:data/read/scroll

What solution would you like?

_This would avoid confusion and provide a clear documentation as to what index level permissions are supposed to be used at the cluster level to grant users the permission they require.

Do you have any additional context?

_Mostly we are faced with the example error message for such permission, only to add them as a cluster level permission in order for it to work.

"root_cause":{"type":"security_exception","reason":"no permissions for [indices:data/write/delete, indices:data/write/bulk[s]] and User [name=housekeeping, backend_roles=[], requestedTenant=null]"}]
@Naarcha-AWS Naarcha-AWS added this to the 2022-Q2 milestone Jun 6, 2022
@Naarcha-AWS Naarcha-AWS added the 1 - Backlog Issue: The issue is unassigned or assigned but not started label Jun 22, 2022
@Naarcha-AWS Naarcha-AWS modified the milestones: 2022-Q2, 2022-Q3 Jun 27, 2022
@hdhalter
Copy link
Contributor

hdhalter commented Mar 7, 2023

Hi @cwillum , I know you've made some updates to this section. Can you please review to see if we've resolved this issue? Thanks!

@hdhalter hdhalter added the Sev3 Medium priority. Content that's missing, driven by dev, PM or the community. label Mar 7, 2023
@hdhalter hdhalter removed the 1 - Backlog Issue: The issue is unassigned or assigned but not started label Dec 5, 2023
@hdhalter hdhalter removed the Sev3 Medium priority. Content that's missing, driven by dev, PM or the community. label Dec 5, 2023
@hdhalter hdhalter mentioned this issue Dec 5, 2023
Open
19 tasks
@hdhalter
Copy link
Contributor

hdhalter commented Dec 5, 2023

See also: #2359

@hdhalter hdhalter removed this from the 2022-Q3 milestone Dec 5, 2023
@hdhalter
Copy link
Contributor

hdhalter commented Dec 5, 2023

Missing cluster-level permissions: #1656

@hdhalter hdhalter changed the title [FEATURE] Enhance documentation to provide clarity for some index level permissions used as cluster level permissions [DOC] Enhance documentation to provide clarity for some index level permissions used as cluster level permissions Apr 11, 2024
@hdhalter hdhalter mentioned this issue May 21, 2024
Closed
1 task
@AntonEliatra
Copy link
Contributor

@hdhalter I can take this one

@hdhalter hdhalter added the 2 - In progress Issue/PR: The issue or PR is in progress. label May 22, 2024
@hdhalter hdhalter mentioned this issue Jun 6, 2024
Merged
1 task
@hdhalter hdhalter added 3 - Done Issue is done/complete and removed 2 - In progress Issue/PR: The issue or PR is in progress. labels Jun 6, 2024
@hdhalter
Copy link
Contributor

hdhalter commented Jun 6, 2024

Closed by #7161

@hdhalter hdhalter closed this as completed Jun 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AntonEliatra AntonEliatra

Labels
3 - Done Issue is done/complete security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Moving cluster indices permission to cluster section #1656 AntonEliatra/documentation-website
5 participants
@donjude @AntonEliatra @Naarcha-AWS @hdhalter @cwillum