Is there any way to set default tenant based on users’ LDAP roles?
Versions and Config:
Searchguard version: 6.6.1-18.1
Elastic Version: 6.6.1
OS version: CentOS Version 7
Elastic master nodes: 5 (statefulset)
Elastic data nodes: 4 (statefulset)
At the moment this is not possible unfortunately. But based on your role mapping from LDAP to SG roles you may be able to simulate this by setting a list of preferred tenants in kibana.yml:
Let’s say your user has access to multiple tenants, based on the Search Guard roles. The user has access to tenants “tenant2” and “tenant3”, and you want to make “tenant3” the default. You can then specify the list of preferred tenants like:
searchguard.multitenancy.tenants.preferred: [tenant3", "tenant1","tenant2", ...]
This works as long as you do not have another role that overlaps with the tenant order of the first user.