---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "opensearch_role Resource - terraform-provider-opensearch"
subcategory: ""
description: |-
  Provides an OpenSearch security role resource. Please refer to the OpenSearch Access Control documentation for details.
---
# opensearch_role (Resource)
Provides an OpenSearch security role resource. Please refer to the OpenSearch Access Control documentation for details.
## Example Usage
```terraform
# Create a role
resource "opensearch_role" "writer" {
  role_name   = "logs_writer"
  description = "Logs writer role"

  # "*" matches every cluster-level permission; list only the ones the role
  # needs to keep it least-privilege.
  cluster_permissions = ["*"]

  index_permissions {
    index_patterns  = ["logstash-*"]
    allowed_actions = ["write"]
  }

  tenant_permissions {
    tenant_patterns = ["logstash-*"]
    allowed_actions = ["write"]
  }
}

# To set document level permissions:
# (resource label differs from the one above so both can live in one module)
resource "opensearch_role" "foo_writer" {
  role_name           = "foo_writer"
  cluster_permissions = ["*"]

  index_permissions {
    index_patterns  = ["pub*"]
    allowed_actions = ["read"]

    # "$${user.name}" is the Terraform escape that yields a literal ${user.name}
    # in the query sent to OpenSearch.
    document_level_security = "{\"term\": { \"readable_by\": \"$${user.name}\"}}"
  }
}
```
## Schema
### Required
- `role_name` (String) The name of the security role.
### Optional
- `cluster_permissions` (Set of String) A list of cluster permissions.
- `description` (String) Description of the role.
- `index_permissions` (Block Set) A configuration of index permissions (see [below for nested schema](#nestedblock--index_permissions))
- `tenant_permissions` (Block Set) A configuration of tenant permissions (see [below for nested schema](#nestedblock--tenant_permissions))
### Read-Only
- `id` (String) The ID of this resource.
### Nested Schema for `index_permissions`
Optional:
- `allowed_actions` (Set of String) A list of allowed actions.
- `document_level_security` (String) A selector for document-level security (JSON-formatted, using `jsonencode`).
- `field_level_security` (Set of String) A list of selectors for field-level security.
- `index_patterns` (Set of String) A list of glob patterns for the index names.
- `masked_fields` (Set of String) A list of masked fields.
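
The `index_permissions` attributes above combined in one read-only role, as an added example that is not part of the provider's generated documentation. The role name, index pattern and field names (`salary`, `national_id`, `email`) are constructed for illustration; the `~` exclusion prefix and the masking behaviour are those of the OpenSearch Security plugin.

```terraform
# Added example: read-only role combining document-level security,
# field-level security and field masking. All names are constructed.
resource "opensearch_role" "hr_reader" {
  role_name   = "hr_reader"
  description = "Read-only access to HR records readable by the caller"

  # cluster_permissions is omitted, so the role grants no cluster-level actions.

  index_permissions {
    index_patterns  = ["hr-records-*"]
    allowed_actions = ["read"]

    # jsonencode builds the DLS query instead of a hand-escaped JSON string.
    # "$${user.name}" is the Terraform escape that leaves a literal
    # ${user.name} for OpenSearch to substitute with the requesting user.
    document_level_security = jsonencode({
      term = { readable_by = "$${user.name}" }
    })

    # A "~" prefix excludes the field from results; fields not listed
    # remain visible. Include and exclude entries are not mixed in one list.
    field_level_security = ["~salary", "~national_id"]

    # Masked fields are returned as a hash rather than the stored value.
    masked_fields = ["email"]
  }
}
```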
### Nested Schema for `tenant_permissions`
Optional:
- `allowed_actions` (Set of String) A list of allowed actions.
- `tenant_patterns` (Set of String) A list of glob patterns for the tenant names.
## Import
Import is supported using the following syntax:
```shell
terraform import opensearch_role.writer logs_writer
```