update read access to specific indices (#5590)

Signed-off-by: Fen Qin <[email protected]>
Signed-off-by: Darshit Chanpura <[email protected]>
Signed-off-by: Craig Perkins <[email protected]>
Co-authored-by: Jialiang Liang <[email protected]>
Co-authored-by: Craig Perkins <[email protected]>
Co-authored-by: Darshit Chanpura <[email protected]>
Co-authored-by: Craig Perkins <[email protected]>

Author: 4 people

CHANGELOG.md

@@ -11,6 +11,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Ensure all restHeaders from ActionPlugin.getRestHeaders are carried to threadContext for tracing ([#5396](https://github.com/opensearch-project/security/pull/5396))
 - Deprecate plugins.security.system_indices.indices ([#5775](https://github.com/opensearch-project/security/pull/5775))
 - Allow overlap of static and custom security configs, but prefer static ([#5805](https://github.com/opensearch-project/security/pull/5805))
+- Update read access to specific search-relevance indices ([#5590](https://github.com/opensearch-project/security/pull/5590))
 
 ### Features
 

config/roles.yml

@@ -487,7 +487,7 @@ search_relevance_full_access:
         - '*'
       allowed_actions:
         - 'indices:admin/mappings/get'
-        - 'indices:data/read/search*'
+        - 'indices:data/read/*'
 
 # Allow users to read Search Relevance resources
 search_relevance_read_access:
@@ -497,6 +497,12 @@ search_relevance_read_access:
     - 'cluster:admin/opensearch/search_relevance/judgment/get'
     - 'cluster:admin/opensearch/search_relevance/queryset/get'
     - 'cluster:admin/opensearch/search_relevance/search_configuration/get'
+  index_permissions:
+    - index_patterns:
+        - 'search-relevance-*'
+      allowed_actions:
+        - 'indices:admin/mappings/get'
+        - 'indices:data/read/*'
 
 # Allow users to read Forecast resources
 forecast_read_access: