opensearch-project/reporting

[BUG] Report Permissions documentation not complete, and inconsistent

What is the bug?
I have been trying to properly scope down access to tenants with just read-only access to dashboards, visualisations, and reports on specific indexes, but retain the ability to generate CSV reports on saved searches and report definitions. The base role has cluster_composite_ops_ro, opensearch_dashboards_all_read, and all read-only Reporting permissions.

Reporting using OpenSearch Dashboards neither captures that indices:monitor/settings/get must be allowed on the Index permissions of the Role, nor that the Tenant Permission must be Read/Write.

Regarding the Read/Write Tenant Permission, generating a report is technically writing, but for someone just downloading a CSV of a saved search, do I have to leave the Tenant open for modification or is there another way?