I have created a new app for one of our teams. This includes a new role dma, and new indexes dmamain and dmasummary. The dma role has been set up to search the
main;summary;dma_main;dma_summaryindexes by default.
However when users of the app (who have the dma role) try to create a new summary scheduled search, they only get a single index listed in the "select the summary index" dropdown on the "add new" search page. They cannot see the dma_summary index that they should be using. Why is this?
The dma role has been set up to inherit capabilities from "power" and "user" roles. Their inherited capabilities are listed as:
change_own_password get_metadata get_typeahead list_inputs request_remote_tok rest_apps_view rest_properties_get rest_properties_set rtsearch schedule_search search
There doesn't look like anything else in the capability list that is relevant.
Seeing this as well and it is really annoying. The admin user can see my summary index in the summary index selection dropdown. Other users can not.
The admin user being able to see it was a clue. It turns out that the role requires "indexes_edit" capability to be able to select the summary index for writing.
This seems like a bug or inadequate granularity of permissions. I don't want a user to be able to write to anything except a summary index that they have been granted explicit read permissions to. With this capability set, they can select any index to write to.
Expecting write(indexes_edit) when granted only read(explicit) does not compute.
It is the opposite. Having to grant indexesedit capability to any index in order to be able to select a single summarycustom_index does not make sense. In the process of granting this capability, user is now able to populate summary data to any index.
The original question stated, "create a new summary scheduled search", and to me that means edit(write) to the dma_summary index. Perhaps it is a 'createnewbug'.