Could I create a new backend role?
I don’t find any doc about this.
Thank you in advance
Could I create a new backend role?
I don’t find any doc about this.
Thank you in advance
Doesn’t https://opendistro.github.io/for-elasticsearch-docs/docs/security-access-control/users-roles/ suffice?
Ok, but I have several doubts…
My scenario is the next one:
I try to use the jwt authentication, so I need to create roles.
I’ve tested several situations and I ask if I can create a role, with a mapping role linked to backend role (admin)
{
"index_permissions": [
{
"index_patterns": [
"*"
],
"fls": [],
"masked_fields": [],
"allowed_actions": [
"read"
]
}
],
"tenant_permissions": [
{
"tenant_patterns": [
"*"
],
"allowed_actions": [
"read"
]
}
],
"cluster_permissions": [
"*"
]
}
{
"backend_roles": [
"admin"
],
"hosts": [],
"users": []
}
My jwt token has the next payload:
{
“sub”: “read_user”,
“roles”: “MY-ROLE”,
“iat”: 1588835299,
“exp”: 1648750692
}
So, my problem is that I have 403 Response “reason”: “no permissions for [cluster:monitor/health] and User [name=read_user, backend_roles=[MY-ROLE], requestedTenant=null]”"
I think that it should work, right?
I presume that the first JSON is the role that you want to map to the backend role MY_ROLE
and the second JSON is the role mapping?
Then the role mapping JSON should be like this
{
"backend_roles": [
"admin",
"MY_ROLE"
],
"hosts": [],
"users": []
}
But maybe I’m getting this totally wrong.
Ok,it works, thank you so much