Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com> Co-authored-by: Zheng, Xiu <zhengxiu@huawei.com> Co-committed-by: Zheng, Xiu <zhengxiu@huawei.com>
Creating and Authorizing a User on the OpenSearch Dashboards
Prerequisites
The security mode has been enabled for the OpenSearch cluster.
Parameters
Parameter | Description |
---|---|
Permission | A single permission, for example, creating an index (indices:admin/create). |
Action group | A group of permissions. For example, the predefined SEARCH action group grants roles permissions to use the _search and _msearch APIs. |
Role | A role is a combination of permissions and action groups, including operation permissions on clusters, indexes, documents, or fields. |
Backend role | (Optional) Other external roles from the backend, such as LDAP/Active Directory. |
User | A user can send operation requests to Elasticsearch clusters. The user has credentials such as username and password, and zero or multiple backend roles and custom attributes. |
Role mapping | A user is assigned a role after successful authentication. Role mapping maps a role to a user (or a backend role). For example, the mapping from kibana_user (role) to jdoe (user) means that John Doe obtains all permissions of kibana_user after being authenticated. Similarly, the mapping from all_access (role) to admin (backend role) means that any user with the backend role admin (from the LDAP/Active Directory server) has all the permissions of role all_access after being authenticated. You can map each role to multiple users or backend roles. |
Procedure
- Log in to the OpenSearch Dashboards.
  - Log in to the CSS management console.
  - In the navigation pane, choose Clusters > OpenSearch.
  - Choose Clusters in the navigation pane. On the Clusters page, locate the target cluster and click Access Kibana in the Operation column.
  - Enter the administrator username and password to log in to the OpenSearch Dashboards.
    - Username: admin (default administrator account name)
    - Password: Enter the administrator password you set when creating the cluster in security mode.
- Create a user.
  - On the OpenSearch Dashboards page, choose Security. The Security page is displayed.
  - Choose Internal users on the left. The user creation page is displayed.
  - Click Create internal user. The user information configuration page is displayed.
  - In the Credentials area, enter the username and password.
  - Click Create. After the user is created, it is displayed in the user list.
- Create a role and grant permissions to the role.
  - Select Roles from the Security drop-down list box.
  - On the Roles page, click Create role. The role creation page is displayed.
  - In the Name area, set the role name.
  - On the Cluster Permissions page, set the cluster permissions based on service requirements. If this parameter is not specified for a role, the role has no cluster-level permissions.
  - In the Index Permissions area, set the index permission.
  - On the Tenant Permissions page, set role permissions.
  After the setting is complete, you can view the created role on the Roles page.
- Map the user to the role to bind them.
  - Select Roles from the Security drop-down list box.
  - On the Roles page, select the role to be mapped. The role mapping page is displayed.
  - On the Mapped users tab page, click Map users and select the user to be mapped from the users drop-down list box.
  - Click Map.
- After the configuration is complete, you can check whether the configuration takes effect in OpenSearch Dashboards.
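The model from the Parameters table (permission, action group, role, backend role, role mapping) resolved in code, to show what a user should and should not be able to do once the mapping in the procedure is in place. This is an added example, not code from the original page or from the OpenSearch security plugin. The role logs_reader, the user alice, the contents of the SEARCH group and the wildcard matching with fnmatch are assumptions made for illustration; jdoe, all_access and admin are the names used in the table.

```python
from fnmatch import fnmatchcase

# Constructed sample data, shaped like the concepts in the Parameters table.
ACTION_GROUPS = {"SEARCH": ["indices:data/read/search*", "indices:data/read/msearch*"]}
ROLES = {
    "logs_reader": {  # hypothetical role with no cluster-level permissions
        "cluster_permissions": [],
        "index_permissions": [{"index_patterns": ["logs-*"], "allowed_actions": ["SEARCH"]}],
    },
    "all_access": {
        "cluster_permissions": ["*"],
        "index_permissions": [{"index_patterns": ["*"], "allowed_actions": ["*"]}],
    },
}
ROLES_MAPPING = {
    "logs_reader": {"users": ["jdoe"], "backend_roles": []},
    "all_access": {"users": [], "backend_roles": ["admin"]},
}


def mapped_roles(user, backend_roles=()):
    """Roles a user receives directly or through one of their backend roles."""
    return sorted(
        role for role, m in ROLES_MAPPING.items()
        if user in m["users"] or set(backend_roles) & set(m["backend_roles"])
    )


def expand(actions):
    """Replace action-group names with the permission patterns they contain."""
    out = []
    for a in actions:
        out.extend(expand(ACTION_GROUPS[a]) if a in ACTION_GROUPS else [a])
    return out


def is_allowed(user, action, index=None, backend_roles=()):
    """True if a mapped role grants `action` on `index` (cluster-level if index is None)."""
    for name in mapped_roles(user, backend_roles):
        role = ROLES[name]
        if index is None:
            grants = [role["cluster_permissions"]]
        else:
            grants = [p["allowed_actions"] for p in role["index_permissions"]
                      if any(fnmatchcase(index, pat) for pat in p["index_patterns"])]
        if any(fnmatchcase(action, pat) for g in grants for pat in expand(g)):
            return True
    return False
```

Running the same questions against a newly mapped user (a search on an allowed index, a search on another index, an index creation) gives a least-privilege checklist for the final verification step.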