On my development Elasticsearch cluster, I am trying to add the multitenancy feature. However, after setting up everything (and flushing cache), I don’t seem to
be able to create index patterns in Kibana. The error shown in the ES logs is:
es-hot1.c1: [2018-11-28T13:21:03,457][WARN ][c.f.s.c.PrivilegesInterceptorImpl] Tenant dummytenant is not allowed for user dummyuser
[2018-11-28T13:21:03,458][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for User [name=dummyuser, roles=[dummytag], requestedTenant=dummytenant] [IndexType [index=.kibana6_-143601838_dummytenant, type=*]] [Action [[indices:admin/create]]] [RolesChecked ]
``
Important remarks:
- Logging into Kibana works
- The tenants page shows “Active tenant: dummytenant”
Am I doing something wrong? Or is the tenant system only for Dashboards / Visualizations and not index patterns? If that is the case, why can’t I see the index patterns
from other users then?
- Search Guard and Elasticsearch version
ES: 6.2.3
SG: 6.2.3-31.0
SG-Kibana: 6.2.3-12
- Installed and used enterprise modules, if any
All
-
JVM version and operating system version
1.8.0_162, Debian Jessie
_searchguard/api/roles/dummytag
{
“dummytag”: {
“cluster”: [
“indices:data/read/mget”,
“indices:data/read/msearch”,
“indices:data/read/search”
],
“tenants”: {
“dummytenant”: “RW”
},
“indices”: {
“?kibana6”: {
“": [
“READ”
]
},
"?kibana6dummytenant”: {
“": [
“UNLIMITED”
]
},
"heartbeat”: {
“*”: [
“READ”
],
“dls”: “{"match":{"resolve.host":"dummytag.server"}}”
}
}
}
}
``
_searchguard/api/internalusers/dummyuser
{
“dummyuser”: {
“password”: “”,
“roles”: [
“dummytag”
],
“hash”: “$2y…”
}
}
``