All Collections
Account Access, Users & Teams
Roles & Access
Using the OpenSearch Custom Role to manage granular access to your Stack
Using the OpenSearch Custom Role to manage granular access to your Stack

Learn how to use OpenSearch Security to manage granular access to your Stack

Chris Cottam avatar
Written by Chris Cottam
Updated over a week ago

Using the OpenSearch Custom Role

Adding a user to a team that has the OpenSearch Custom Role selected, gives you the flexibility to decide very granular permissions directly using the OpenSearch Security roles.

Tip: You can manage Kibana Custom Roles directly from the Teams Dashboard and only need to manage roles using OpenSearch Security Roles directly if you have a specific granular use case.

Managing Security Roles directly in OpenSearch

Launch OpenSearch Dashboards and from the left menu choose Security > Roles and choose the required Role for example stack_user_ro. Choose the Mapped Users tab and Manage Mapping.

Paste the User Id into the Users input box. You can find the User Id by choosing profile in the left menu of the platform dashboard.

Map user in Kibana

Choose Map to add the user to the Kibana Role. You can add multiple users at the same time using this method.

Viewing which Roles a User currently has assigned

In OpenSearch from the left menu choose Security > Roles. Choose from the Internal Users dropdown the required users Id.

The Roles that the selected user(s) are mapped to are then displayed in the list.

Kibana roles

Adding a new OpenSearch Role

If you need to create a new role to save time you can duplicate an existing role, for example, the stack_user role and choose Actions > Duplicate. This allows you to then edit the duplicated role and just modify index and tenant permissions where needed.

Tip: In most cases, any new roles will need to have read access to the following indexes to allow the OpenSearch Discover view to work as expected .kibana .kibana-6 .kibana_*

Removing a User from a specific OpenSearch Role

To remove a user's Id from OpenSearch Security choose the required Role and select the Mapped Users tab. Select the user that you need to remove and choose Delete Mapping. The User no longer has permission to access the selected Role.

What's next?

Did this answer your question?