Permissions problem with tenants in ELK 6.8.6

NetwarSystem · May 24, 2020, 10:03pm

I have Elasticsearch 6.8.6 and the relevant plugins for Search Guard running. I have created tenants and assigned permissions. I used the following as the guide to configure the setup:

Here are the relevant snippets.

#sg_roles.yml

smiu:
  indices:
    '*':
      '*':
        - indices:data/read/get
        - indices:data/read/search
    't?uk*':
      '*':
        - READ
    't?sm*':
      '*':
        - READ
    'collectusers':
      '*':
        - READ
  tenants:
    smiu: RW

#sg_roles_mapping.yml

smiu:
  backendroles:
    - smiu

Any account that has the admin role works:

nealr:
  roles:
    - admin
    - smiu

Any account that just has the sg_kibana_user permission and its tenant does not have access.

smiudemo:
  roles:
    - sg_kibana_user
    - smiu

I think I am having the same problem as described here, but I carefully read through it, checked my files, and the solution in there doesn’t fix my problem.

I have enough users now that I don’t want to give them all admin … what is the solution to this?

srgbnd · May 25, 2020, 8:19am

Do you have any error in the Kibana or Elasticsearch logs? Please provide the logs.

srgbnd · May 25, 2020, 8:21am

Also, we need the following config files:

elasticsearch/config/elasticsearch.yml
elasticsearch/plugins/search-guard-7/sgconfig/sg_config.yml
kibana/config/kibana.yml

NetwarSystem · June 3, 2020, 10:18pm

Here are the requested files from our system.

SG.zip (6.1 KB)

Topic		Replies	Views
Permissions issue for tenant X Search Guard	12	523	April 25, 2022
Multitenancy ELK 7.8 Search Guard	20	1306	October 19, 2020
Creating Multiple Tenants Search Guard	1	518	October 9, 2018
Can we use Community version of Search Guard for Kibana User authoriztion Search Guard	5	813	April 25, 2019
Search guard kibana not working. Search Guard	4	392	January 25, 2018

Permissions problem with tenants in ELK 6.8.6

Related Topics