Creating a Read-Only User with Dashboard Access in OpenSearch
Introduction
This document outlines the steps to create a user with read-only permissions in OpenSearch. This user can access dashboards but is restricted from performing any data modification tasks.
Prerequisites
- Access to OpenSearch with administrative privileges.
- OpenSearch Dashboards configured and running.
- Security plugin enabled in OpenSearch (e.g., OpenSearch Security or equivalent).
Steps to Create the User
- Log in to OpenSearch Dashboards
Open the OpenSearch Dashboards URL in your browser and log in using an administrative account.
- Create a Role with Read-Only Permissions
- Navigate to Security > Roles.
- Click Create Role and configure the following:
- Role Name: read-only
- Cluster Permissions: indices:/data/read/mget
- Index Permissions:
- Add index permissions
- In index add (.kibana_1)
- In index permissions Assign the read
- Tenant permissions:
- In Tenant section add private_copy assign (read_only)
- Save the role.
- Create it
- Create the User
- Navigate to Security > Users.
- Click Create User and provide the following details:
- Username: read_logs
- Password: A strong password.
- Save changes, create it.
- Map the User to the Role
- Under the selected role(readonly_user), navigate to the Mapped Users tab.
- Click on Manage Mappings.
- In the Map Users section, perform the following steps:
- Map a User: Add the username of the user to grant read-only access (e.g., readonly_user).
- Login the mapped users with (read_only dashboard privileges)
- Go to URL and add username: (read_logs) and passwords: ()
- Choose custom template (private_copy)
- Showing the dashboard read_only