Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Read only user seeing 403 error when viewing Dashboards #873

Open
hsiang9431-amzn opened this issue Aug 3, 2021 · 7 comments
Open
Labels
backlog Issues that the Dashboards core team is interested in pursuing but are not yet on the roadmap bug Something isn't working

Comments

@hsiang9431-amzn
Copy link

Describe the bug
When logging in as a read only user, 403 error with message "Unable to update UI setting" is shown in the browser app.

To Reproduce
Steps to reproduce the behavior:

  1. Create a new user
  2. Duplicate the role kibana_user to kibana_user_global_ro
  3. Edit kibana_user_global_ro so that it has read only permission on global_tenant
  4. Create index pattern and dashboards in Global tenant
  5. Log in as the user, view global tenant and see the error

Expected behavior
No error shall be shown

Plugins
security frontend and backend

Screenshots
Screen Shot 2021-08-03 at 4 24 30 PM

@hsiang9431-amzn
Copy link
Author

Identified not fixable in security plugin.

Need to transfer to suitable owner

@zhyuanqi
Copy link
Collaborator

Managed to reproduce this issue and found out the error message was “no permissions for [indices:data/write/update]”. This is expected because you only gives read permission for global tenant but in cluster permission setting part, both write and read permission are given. This conflict causes the error message shows up. If you give both read and write permission to global tenant, error message disappears.

@hsiang9431-amzn
Copy link
Author

@tmarkley
Copy link
Contributor

@hsiang9431-amzn does this issue need to be transferred to the https://github.com/opensearch-project/OpenSearch-Dashboards repository?

@hsiang9431-amzn
Copy link
Author

@tmarkley
Copy link
Contributor

@opensearch-project/admin please transfer this to the OpenSearch-Dashboards repository.

@peternied peternied transferred this issue from opensearch-project/security-dashboards-plugin Oct 14, 2021
@tmarkley tmarkley added bug Something isn't working backlog Issues that the Dashboards core team is interested in pursuing but are not yet on the roadmap labels Nov 30, 2021
AMoo-Miki pushed a commit to AMoo-Miki/OpenSearch-Dashboards that referenced this issue Feb 10, 2022
AMoo-Miki pushed a commit to AMoo-Miki/OpenSearch-Dashboards that referenced this issue Feb 10, 2022
# [24.0.0](elastic/elastic-charts@v23.2.1...v24.0.0) (2020-10-19)

### Bug Fixes

* **annotation:** annotation rendering with no yDomain or groupId ([opensearch-project#842](elastic/elastic-charts#842)) ([6bad0d7](elastic/elastic-charts@6bad0d7)), closes [opensearch-project#438](elastic/elastic-charts#438) [opensearch-project#798](elastic/elastic-charts#798)

### Features

* **bar_chart:** add Alignment offset to value labels ([opensearch-project#784](elastic/elastic-charts#784)) ([106d924](elastic/elastic-charts@106d924))
* **bar_chart:** add shadow prop for value labels ([opensearch-project#785](elastic/elastic-charts#785)) ([de95b44](elastic/elastic-charts@de95b44))
* **bar_chart:** scaled font size for value labels ([opensearch-project#789](elastic/elastic-charts#789)) ([8b74a9d](elastic/elastic-charts@8b74a9d)), closes [opensearch-project#788](elastic/elastic-charts#788)
* **heatmap:** allow fixed right margin ([opensearch-project#873](elastic/elastic-charts#873)) ([dd34574](elastic/elastic-charts@dd34574))

### BREAKING CHANGES

* **bar_chart:** The `DisplayValueStyle` `fontSize` property can now express an upper and lower bound as size, used for the automatic scaling.
* **bar_chart:** The `DisplayValueStyle` `fill` property can now express a border color and width, or let the library pick the best match based on contrast using the textInvertible parameter.
@kavilla
Copy link
Member

kavilla commented Apr 3, 2022

Hello @hsiang9431-amzn,

Sorry about the delay on this. Could expand on what we can do here from the OpenSearch Dashboards. It would appear based @zhyuanqi findings it's dealing with how the role is being duplicated and the cluster settings?

We wouldn't be able to update this functionality about ensuring a default index on the system index we use because Core OpenSearch Dashboards currently has no insight on the roles and would also break current workflows.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backlog Issues that the Dashboards core team is interested in pursuing but are not yet on the roadmap bug Something isn't working
Projects
None yet
Development

No branches or pull requests

4 participants