[BUG]Permission issue on AWS managed Opensearch 2.7 Indices search bar under Index Management.

[Its-Ankush]

Describe the bug
This issue is related to AWS managed Opensearch 2.7 where FGAC is enabled. Im creating 3 indices by the name index, index1 and index2. I use my own custom role "read_only_certain" [I will share it below]. I have index patterns as index, index1 as shown below in the image

When I search for the index name index in the search bar under Index Management > Indices, it shows me [security_exception] no permissions for [indices:monitor/settings/get] and User [name=abc, backend_roles=[], requestedTenant=] however when I search for the index index1, it does appear. I think this can be a bug

To Reproduce
Steps to reproduce the behavior:

1. Create the following role and assign it to an internal user-

PUT _opendistro/_security/api/roles/read_only_certain
{
  "cluster_permissions": [
    "cluster_composite_ops_ro",
    "cluster_monitor",
    "read"
  ],
  "index_permissions": [
    {
      "index_patterns": [
        "index",
        "index1"
      ],
      "dls": "",
      "fls": [],
      "masked_fields": [],
      "allowed_actions": [
        "read",
        "indices_monitor",
        "indices:admin/get"
      ]
    }
  ],
  "tenant_permissions": [
    {
      "tenant_patterns": [
        "global_tenant"
      ],
      "allowed_actions": [
        "kibana_all_write"
      ]
    }
  ]
}

3. Login to that user and go to Index Management > Indices and search for the above indices as mentioned

4. See error
   When I search for index
   

When I search for index1

Expected behavior
The expected behaviour is that I should be able to see the index as well and not just index1

Plugins
Im using FGAC opensearch-security plugin

Screenshots
Shared above

Host/Environment (please complete the following information):

• OS: MacOS
• Version: AWS Managed Opensearch 2.7

Additional context

This only happens when I use names like index and index1 . The string "index" is contained in other string "index1" so maybe there is something related to that.

This is the request that Opensearch builds when i search for index1

https://search-abc-es.amazonaws.com/_dashboards/api/ism/_indices?from=0&size=20&search=index1&sortField=index&sortDirection=desc&showDataStreams=false&terms=index1&=&=

Response

{"ok":true,"response":{"indices":[{"health":"green","status":"open","index":"index1","uuid":"fzTUjTcZT7m0hKF0TeVXGg","pri":"5","rep":"1","docs.count":"0","docs.deleted":"0","store.size":"2kb","pri.store.size":"1kb","data_stream":null,"extraStatus":"open","managed":"Yes","managedPolicy":"N/A"}],"totalIndices":1}}

This is the request that Opensearch builds when i search for index

https://search-abc-es.amazonaws.com/_dashboards/api/ism/_indices?from=0&size=20&search=index&sortField=index&sortDirection=desc&showDataStreams=false&terms=index&=&=

Response

{"ok":false,"error":"[security_exception] no permissions for [indices:monitor/settings/get] and User [name=abc, backend_roles=[], requestedTenant=]"}

Edit - Its important to note that both of the below works

GET _cat/indices/index
GET _cat/indices/index1

[Its-Ankush]

Can anyone please share some inputs ?

[dblock]

Sorry for checking in so late. Were you able to figure out this issue?

Is this only a problem on AWS? If so, could you please open a ticket with AWS and close the issue here?

[Triage -- attendees 1, 2, 3, 4, 5, 6, 7]

[Its-Ankush]

I will test it today in the open source version as well and will then close if its related to AWS :)

Thank you Daniel

[Its-Ankush]

@dblock I can confirm that this is present in the Open Source version as well. Using v 2.14.0 to reproduce this and looks like this is an issue with how the dashboards is sending the search request.