[DISCUSS] Instrument cleaner and non-blocking ways for detecting the index permissions for the users. #422
Labels
enhancement
New request
Comments
1 task
|
This relates to the ask for security plugin to provide API that can check user's permission of certain action and here's the existing issue opensearch-project/security#566 |
bowenlan-amzn
added
enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As part of #419 we addressing the concerns for stackoverflow issue due to recursive Explain Action calls. Related issue #414
However, The non operational transport action that is used by ISM here to check if the user has required index permissions to manage index in form of TransportManagedIndexAction seems to be a workaround due to lack of better ways for mapping user permission with indices.
Multiple calls for TransportManagedIndexAction for every index as a potential problem and bottleneck for the clusters with large number of indices. It could still block the primary (transport) worker thread until all the transport action calls succeeds or fails for every index and could lead to starvation issue.
This issue to discuss and identify approaches for instrumenting some cleaner non-blocking ways of identifying index permissions for the user.
The text was updated successfully, but these errors were encountered: