- Newest
- Most votes
- Most comments
Hi,
I understand you would like to add permissions to fine grained access control in OpenSearch and the AWS user doesn't have the correct permissions.
Fine-grained access control lets user perform action. You manage fine-grained access control permissions using roles, users, and mappings. This section describes how to create and apply those resources. We recommend that you sign in to Dashboards as the master user to perform these operations. Kindly follow the steps listed below:
Create roles
Just like users, you can create roles using OpenSearch Dashboards, roles.yml, or the REST API. OpenSearch Dashboards
Choose Security, Roles, and Create role.
Provide a name for the role.
Add permissions as desired.
For example, you might give a role no cluster permissions, read permissions to two indexes, unlimited permissions to a third index, and read permissions to the analysts tenant.
Choose Submit.
Map users to roles
If you didn’t specify roles when you created your user, you can map roles to it afterwards.
Just like users and roles, you create role mappings using OpenSearch Dashboards, roles_mapping.yml, or the REST API. OpenSearch Dashboards
Choose Security, Roles, and a role.
Choose the Mapped users tab and Manage mapping.
Specify users or external identities (also known as backend roles).
Choose Map.
**If the answer is helpful, please click "Accept Answer" and upvote it. **
Kind regards, Ahmed
Reference: [1] https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html [2] https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-concepts [3] https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html
Relevant content
- asked 2 years ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago