Hi, I am using the Docker version of OpenSearch, and with it come some default configuration files, and in one of them you list a lot of system indices.
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opendistro-asynchronous-search-response*"]
I have been searching high and low in order to find what each of these is for and how safe it is to give access to them to a normal user (like you need create rights on .opendistro-reports-* in order to create reports and download them). But could you, by having that access, get access to data you shouldn’t have? Say someone else creates a report from other indices, will those be stored there?
What do all of the other ones do? The documentation is quite lacking when it comes to these security parts, unfortunately. Can anyone shed some light on them? Do you need them all specified? I saw you don’t need them according to the documentation, but will that mean you lose that functionality, or will it be stored in .kibana_* instead?
Grateful for any insight into this labyrinth.