Create Backend role

Security
1

Could I create a new backend role?

I don’t find any doc about this.

Thank you in advance

2

Doesn’t https://opendistro.github.io/for-elasticsearch-docs/docs/security-access-control/users-roles/ suffice?

3

Ok, but I have several doubts…
My scenario is the next one:
I try to use the jwt authentication, so I need to create roles.
I’ve tested several situations and I ask if I can create a role, with a mapping role linked to backend role (admin)

{
  "index_permissions": [
    {
      "index_patterns": [
         "*"
       ],
       "fls": [],
       "masked_fields": [],
       "allowed_actions": [
          "read"
        ]
      }
    ],
   "tenant_permissions": [
       {
          "tenant_patterns": [
              "*"
            ],
           "allowed_actions": [
              "read"
           ]
        }
      ],
      "cluster_permissions": [
          "*"
      ]
}

{
  "backend_roles": [
    "admin"
  ],
  "hosts": [],
  "users": []
}

My jwt token has the next payload:
{
“sub”: “read_user”,
“roles”: “MY-ROLE”,
“iat”: 1588835299,
“exp”: 1648750692
}

So, my problem is that I have 403 Response “reason”: “no permissions for [cluster:monitor/health] and User [name=read_user, backend_roles=[MY-ROLE], requestedTenant=null]”"

I think that it should work, right?

4

I presume that the first JSON is the role that you want to map to the backend role MY_ROLE and the second JSON is the role mapping?

Then the role mapping JSON should be like this

{
  "backend_roles": [
    "admin",
    "MY_ROLE"
  ],
  "hosts": [],
  "users": []
}

But maybe I’m getting this totally wrong.

5

Ok,it works, thank you so much :slight_smile: