From af797215b68d1c5f3b79c32f53d2e9d4f89ffa5b Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Wed, 27 Mar 2024 10:03:01 -0500 Subject: [PATCH] Apply suggestions from code review Co-authored-by: Nathan Bower Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- .../access-control/document-level-security.md | 10 +++++----- _security/access-control/users-roles.md | 18 +++++++++--------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/_security/access-control/document-level-security.md b/_security/access-control/document-level-security.md index c8327b5e12..1a3a93962b 100644 --- a/_security/access-control/document-level-security.md +++ b/_security/access-control/document-level-security.md 
@@ -11,15 +11,15 @@ redirect_from: # Document-level security (DLS) Document-level security lets you restrict a role to a subset of documents in an index. -For more information about users and roles in OpenSearch, see the [documentation](https://opensearch.org/docs/latest/security/access-control/users-roles/#create-roles). +For more information about OpenSearch users and roles, see the [documentation](https://opensearch.org/docs/latest/security/access-control/users-roles/#create-roles). Use the following steps to get started with document-level and field-level security: 1. Open OpenSearch Dashboards. -2. Choose **Security** > **Roles** +2. Choose **Security** > **Roles**. 3. Select **Create Role** and provide a name for the role. 4. Review the **Index permissions** section and any necessary [index permissions](https://opensearch.org/docs/latest/security/access-control/permissions/) for the role. -5. Add document-level security with the addition of a DSL query inside the `Document level security - optional` section. A typical request to the `_search` API includes the `{ "query": { ... } }` around the query, but when Document-level security in OpenSearch Dashboards, you only need to specify the query itself. For example, the following DSL query specifies that for the new role to have access to a document, the query's `genres` field must include `Comedy`: - - For example, the following DSL could be added in the `Document level security - optional` text box. +5. Add document-level security, with the addition of a Domain Specific Language (DSL) query inside the `Document level security - optional` section. A typical request sent to the `_search` API includes `{ "query": { ... } }` around the query, but with document-level security in OpenSearch Dashboards, you only need to specify the query itself. 
For example, the following DSL query specifies that for the new role to have access to a document, the query's `genres` field must include `Comedy`: + - For example, the following DSL query can be entered in the `Document level security - optional` text box. - This query specifies that for the role to have access to a document, its `genres` field must include `Comedy` - A typical request to the `_search` API includes `{ "query": { ... } }` around the query, but in this case, you only need to specify the query itself. ```json @@ -36,7 +36,7 @@ Use the following steps to get started with document-level and field-level secur - ![Document- and field-level security screen in OpenSearch Dashboards]({{site.url}}{{site.baseurl}}/images/security-dls.png) -## Updating roles by accessing the Rest API +## Updating roles by accessing the REST API In the REST API, you provide the query as a string, so you must escape your quotes. This role allows a user to read any document in any index with the field `public` set to `true`: diff --git a/_security/access-control/users-roles.md b/_security/access-control/users-roles.md index 6d32e666fd..ae7670bc29 100644 --- a/_security/access-control/users-roles.md +++ b/_security/access-control/users-roles.md 
@@ -16,20 +16,20 @@ Roles are the core way of controlling access to your cluster. Roles contain any ## Creating and editing OpenSearch roles -OpenSearch can be updated using one of the following methods: +You can update OpenSearch by using one of the following methods. ### Using the API -You can make HTTP requests to endpoints provided by OpenSearch to update security roles, permissions, and associated settings. This method offers granular control and automation capabilities for managing roles. +You can send HTTP requests to OpenSearch-provided endpoints to update security roles, permissions, and associated settings. This method offers granular control and automation capabilities for managing roles. ### Using the UI (OpenSearch Dashboards) -OpenSearch Dashboards provides a user-friendly interface for managing roles. Navigate to the Security section within OpenSearch Dashboards where the roles, permissions, and document-level security settings are configured. When updating the roles using the UI, OpenSearch Dashboards calls the API in the background to implement these changes. +OpenSearch Dashboards provides a user-friendly interface for managing roles. Roles, permissions, and document-level security settings are configured in the Security section within OpenSearch Dashboards. When updating roles through the UI, OpenSearch Dashboards calls the API in the background to implement the changes. ### Editing the `roles.yml` file -If you using OpenSearch and want more granular control security configuration, you can edit roles and their associated permissions inside the `roles.yml` file. This method provides direct access to the underlying configuration and can be version-controlled for use in collaborative development environments. -For more information about creating roles, see the [Create Roles documentation][https://opensearch.org/docs/latest/security/access-control/users-roles/#create-roles). 
+If you want more granular control of your security configuration, you can edit roles and their associated permissions in the `roles.yml` file. This method provides direct access to the underlying configuration and can be version controlled for use in collaborative development environments. +For more information about creating roles, see the [Create roles][https://opensearch.org/docs/latest/security/access-control/users-roles/#create-roles) documentation. Unless you need to create new [reserved or hidden users]({{site.url}}{{site.baseurl}}/security/access-control/api/#reserved-and-hidden-resources), we **highly** recommend using OpenSearch Dashboards or the REST API to create new users, roles, and role mappings. The `.yml` files are for initial setup, not ongoing use. {: .warning } @@ -94,13 +94,13 @@ See [Create role]({{site.url}}{{site.baseurl}}/security/access-control/api/#crea ## Edit roles -You can edit roles using one of the following methods: +You can edit roles using one of the following methods. ### OpenSearch Dashboards -1. Choose **Security** > **Roles**. Under the **Create role** section, select **Explore existing roles**. -1. Select the role you would like to edit. -1. Choose **edit role** on the upper right. Make any updates you need to the role. +1. Choose **Security** > **Roles**. In the **Create role** section, select **Explore existing roles**. +1. Select the role you want to edit. +1. Choose **edit role**. Make any necessary updates to the role. 1. To save your changes, select **Update**. ### roles.yml
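Review bot: In `_security/access-control/document-level-security.md`, hunk `@@ -11,15 +11,15 @@`, the rewritten step 5 now makes each point twice. The added sentences explain that the `{ "query": { ... } }` wrapper is omitted and that `genres` must include `Comedy`, and the unchanged sub-bullets directly below repeat both statements. Keep one copy, either by dropping the two context bullets or by cutting step 5 back to its first sentence. In the added example sentence, "the query's `genres` field" should read "the document's `genres` field", because the field belongs to the document being matched. The comma after "Add document-level security" is not needed, and "Domain Specific Language" is normally written "domain-specific language".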
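Review bot: In `_security/access-control/users-roles.md`, hunk `@@ -16,20 +16,20 @@`, the added "Create roles" link is still malformed: the URL opens with `[` and closes with `)`, so it will not render as a link. Change the `[` before the URL to `(`, or use the `{{site.url}}{{site.baseurl}}` form that the reserved-users link in the next paragraph uses. The new intro sentence "You can update OpenSearch by using one of the following methods." sits under "Creating and editing OpenSearch roles" and should name roles as the thing being created or edited. The `roles.yml` paragraph also offers file editing for more granular control while the warning right after it says the `.yml` files are for initial setup, not ongoing use; a pointer to that warning in the paragraph would keep readers from treating the file as the routine path.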
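Review bot: In `_security/access-control/users-roles.md`, hunk `@@ -94,13 +94,13 @@`, the intro "You can edit roles using one of the following methods." is worded differently from the matching sentence added in the earlier hunk of this file, which says "by using"; pick one form for both. The button label is written **edit role** here, while this list uses **Create role** and the document-level security page uses **Create Role**; match the casing shown in OpenSearch Dashboards in all three places. Step 3 also drops "on the upper right", which was the only location hint for the button, so consider keeping it.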