Dynamic tenant pattern in role

Hello!
Is there support for dynamic tenant patterns like there is for the index patterns when creating a role.
Using .kibana_*_tenant${openidAttribute}* works inside of index patterns but tenant-${openidAttribute} doesn’t work for tenant patterns?
And if a user role is connected to the tenant why doesn’t it have access to its’ specific .kibana tenant index unless it’s added manually(by adding .kibana_*_tenant${openidAttribute}* to the index pattern permissions)?
To enable this the user role is connected to the main kibana role but then he has access to all of the kibana indices and not only his own?
Thank you!

Not at the moment, but the feature is already in the backlog and will be added in one of the next releases.

Regarding tenants: Access to the tenant indices is handled by the Search Guard plugin automatically. Usually there is no need to configure any explicit permission for the index, unless you want to access it directly, which is discouraged by Elasticsearch and Kibana. If you want to modify saved objects in the tenant index, you should use the Kibana saved objecs API:

https://www.elastic.co/guide/en/kibana/master/saved-objects-api.html

To refer to a specific tenant, you just need to add the tenant name as HTTP header to your curl call:

-H "sgtenant: <tenantname>"

This part I don’t understand, can you elaborate please what you mean by this?

Thank you very much for the answers!
For a user to have the permission to see it’s tenant kibana objects it needs to have the main kibana role assigned?

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.