If you're upgrading to 2.5 from a previous OpenSearch Service domain version, the snapshot management security permissions might not be defined on the domain. Non-admin users must be mapped to this role in order to use snapshot management on domains using fine-grained access control. To manually create the snapshot management role, perform the following steps:
-
In OpenSearch Dashboards, go to Security and choose Permissions.
-
Choose Create action group and configure the following groups:
Group name Permissions snapshot_management_full_access-
cluster:admin/opensearch/snapshot_management/* -
cluster:admin/opensearch/notifications/feature/publish -
cluster:admin/repository/* -
cluster:admin/snapshot/*
snapshot_management_read_access-
cluster:admin/opensearch/snapshot_management/policy/get -
cluster:admin/opensearch/snapshot_management/policy/search -
cluster:admin/opensearch/snapshot_management/policy/explain -
cluster:admin/repository/get -
cluster:admin/snapshot/get
-
-
Choose Roles and Create role.
-
Name the role snapshot_management_role.
-
For Cluster permissions, select
snapshot_management_full_accessorsnapshot_management_read_access. -
Choose Create.
-
After you create the role, map it to any user or backend role that will manage snapshots.
