[Bug]: Clicking Save on Discover tab leads to permissions issue #2123
Comments
|
Transferring this issue to core dashboards repo. |
|
Looks like an authentication issue. Do you have any additinal details on why you werent able to save the search? Also @opensearch-project/admin can you transfer this to the dashboards security repo since this seems to be an auth related issue. |
|
@atalakey4work What version are you upgrading from? Was this working prior to upgrade? Are you searching on any index pattern in particular? |
|
@cwperks from version 2.16.0 to version 2.17.0. Note that I’m using the helm chart. |
|
What is the index pattern that the search is pertaining to and what plugins are installed on the cluster? |
|
There are no plugins, other than the out of the box plugins if any, installed on the cluster. The issue occurs with any index pattern. |
|
[Triage] @atalakey4work Can you provide a little more information about the setup? I am not able to reproduce the issue as described. |
cwperks
changed the title
|
@cwperks the issue started after upgrading OpenSearch and OpenSearch Dashboards to version 2.17.0. After the upgrade, I am no longer able to save new searches nor open searches previously saved. I had to downgrade OpenSearch Dashboards to version 2.16.0 to get the saved searches to work but I am still unable to save new searches. I was not able to downgrade OpenSearch as it would not allow me. I suspect it had something to do with the security plugin config so I took the latest copy from the below repo: https://github.com/opensearch-project/security/tree/main/config |
|
What index patterns are the saved searches on? I have a suspicion that there's a saved search that includes searching on system indices (system indices always start with a dot |
Describe the bug
After upgrading to OpenSearch and OpenSearch Dashboards version 2.16.0, we get error when we try to save a Discover search.
To reproduce
Expected behavior
Discover search is saved with no errors
Screenshots
Host / Environment
OpenSearch and OpenSearch Dashboards version 2.16.0
Additional context
No response
Relevant log output
{"type":"log","@timestamp":"2024-09-22T04:16:47Z","tags":["error","opensearch","data"],"pid":1,"message":"[security_exception]: no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"} {"type":"response","@timestamp":"2024-09-22T04:16:47Z","tags":[],"pid":1,"method":"post","statusCode":403,"req":{"url":"/api/saved_objects/search?overwrite=true","method":"post","headers":{"host":"[MASKED]","x-request-id":"cd1b40e738290336e5236bd11c7e11f3","x-real-ip":"11.0.0.5","x-forwarded-for":"[MASKED]","x-forwarded-host":"[MASKED]","x-forwarded-port":"443","x-forwarded-proto":"https","x-forwarded-scheme":"https","x-scheme":"https","content-length":"599","sec-ch-ua":"\"Chromium\";v=\"128\", \"Not;A=Brand\";v=\"24\", \"Google Chrome\";v=\"128\"","sec-ch-ua-platform":"\"[MASKED]\"","osd-xsrf":"osd-fetch","sec-ch-ua-mobile":"?0","user-agent":"[MASKED]","osd-version":"2.16.0","content-type":"application/json","accept":"*/*","origin":"https://[MASKED]","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"https://[MASKED]/app/data-explorer/discover","accept-encoding":"gzip, deflate, br, zstd","accept-language":"en-US,en;q=0.9,ar;q=0.8","priority":"u=1, i"},"remoteAddress":"10.244.1.199","userAgent":"[MASKED]","referer":"https://[MASKED]/app/data-explorer/discover"},"res":{"statusCode":403,"responseTime":19,"contentLength":9},"message":"POST /api/saved_objects/search?overwrite=true 403 19ms - 9.0B"}The text was updated successfully, but these errors were encountered: