opensearch-project
[BUG] Read only users see "[security_exception] no permissions" when looking at index patterns that point to no indices
Describe the bug
Currently we have many read only users who will occasionally run into a bug where if they open an index pattern that points to no indices they see the below error
Error fetching fields for index pattern cognos1291_test_datasource_scripted_pattern (ID: cognos1291_test_datasource_scripted_pattern)
[object Object]: [security_exception] no permissions for [indices:data/read/field_caps] and User [name=/cn=cognos base user, ou=integration, o=cognos, l=aurora, st=colorado]
This causes confusion for users as it gives them the impression they cannot see the info, not that there is no data.
Related component
No response
To Reproduce
- Create an index pattern that points to no indices (easiest way to force it is to create an index pattern pointing at an index which is then deleted)
- As a user with read only permissions
- Go to Dashboards Management, select the created index pattern above
- See error like below image
Expected behavior
Would expect that for a read only user that they would also see the same much more descriptive error that a user with read and write can see
Additional Details
Plugins Please list all plugins currently enabled.
Screenshots If applicable, add screenshots to help explain your problem.
Host/Environment (please complete the following information):
- OS: [e.g. iOS]
- Version [e.g. 22]
Additional context Add any other context about the problem here.
This looks like logic related to authorization, so it probably belongs in the security repository.
@opensearch-project/admin Can you transfer this to the security repo?
[Triage] Thank you for filing this issue @jhenley-icr-team w/ reproduction steps. Marking this issue as triaged, I am not familiar with the field capabilities call that dashboards is making here and how the index resolution works for that call. I will take a deeper look at this to understand what indices are being resolved to.
