asynchronous-search icon indicating copy to clipboard operation
asynchronous-search copied to clipboard
verified publisher icon opensearch-project

[BUG] Users without back-end roles should not be able to see each-other's searches

Open dblock opened this issue 3 years ago • 0 comments

What is the bug? The permissive by default design documented in https://github.com/opensearch-project/documentation-website/pull/859 seems surprising. In most systems, someone without any roles cannot see anything.

  1. What was the motivation for that design?
  2. Are there other parts/plugins of OpenSearch that behave differently than this, ie. do we have a design that's different for different types of queries/objects/plugins?

What is the expected behavior? I expect users that don't have any backend roles not to be able to see each-other's searches.

dblock avatar Aug 12 '22 17:08 dblock