Kibana Spaces are always visible across all tennants?

Hi folks,

I am trying out tennants.

I have two testusers, which reside in different tennants. With my admin user, which is mapped to standard Search Guard role “SGS_ALL_ACCESS” I have created additional Kibana Space and also an index pattern in there.

The result now is: Each of my testusers, which only have accesse to their own independant tennats can still see all the Kibana Spaces I have created, go inside and at least check the kibana index pattern names.

Can you give me a hint if there is a way to limit Kibana spaces to specific tennants so that in each tennant I can have an own set of Kibana Spaces which cannot be seen by users from other tennant?

Thanks

@Kosmonafft kibana spaces is elastic’s implementation of tenants. If you are using searchGuard’s implementation of multi-tenancy, Spaces should be disabled in kibana.yml with line:
xpack.spaces.enabled: false
(kibana restart is needed)

Once that is done, can you confirm if you are still having issues? If so, can you confirm which way you created and assigned the tenants, did you use yaml configuration files of kibana UI?
If configuration files, could you please provide these (redact any sensitive information)

Thanks for the info. Do you plan to integrate manual selection of spaces in the Kibana UI? Spaces are more comfortable to use for a user since he can see the space where he is currently in and which are available for selection.

What happens when one user has access to multiple tenants? Can he actively select which one he would like to see or does he see everything from both tenants combined in one kibana “view” ?

@Kosmonafft

Which version of SearchGuard are you using?

This feature is already implemented in the latest version, see below:

Screenshot 2021-08-09 at 09.31.20

Regarding what objects are visible:
Only the kibana objects saved to that particular tenant are visible, not a combination of different tenants.

1 Like

I am using 7.13.2-51.0.0

Perfect, the screenshot is from your version.

Do you see the same options? if not, Do you have multitenancy enabled in kibana.yml?

searchguard.multitenancy.enabled: true
searchguard.multitenancy.tenants.preferred: ["Private", "Global"]
1 Like

After I have enabled this I can see the tenants now.

My understanding was that tenant feature were already enabled in sgconfig.yml:

sg_config:
  dynamic:
    kibana:
      multitenancy_enabled: true

But it looks like it is for elasticseach and not kibana

Yes, needs entries from both sides, kibana and elasticsearch.

Glad you got this resolved :slight_smile:

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.