Sgtenant header not affected on index-pattern creation

When I enable multytenancy feature on SG and kibana, tenants menu bar appear in kibana and it works as expected. But when I try to create index pattern via kibana API with sgtenant header, index pattern always created inside default global tenant. Where is my mistake?

Here is my configs:

part of kibana.yml

elasticsearch.username: "system_user"
elasticsearch.password: "kibanaserver"

elasticsearch.ssl.verificationMode: none
searchguard.accountinfo.enabled: true
searchguard.multitenancy.enabled: true
elasticsearch.requestHeadersWhitelist: ["sgtenant", "Authorization"]

part of sg_config.yml

      multitenancy_enabled: true
      server_username: 'system_user'

and my request: url [POST] http://localhost:5601/api/saved_objects/index-pattern/test


    "attributes" : {
        "title" : "test"


kbn-xsrf : true
sgtenant : admin_tenant
Content-Type: application/json
Authorization : Basic <key here>

Hm … actually the configuration you posted seems ok, and also the headers you send in the API call seem to be ok. Which version of ES/SG are you using?

Maybe you have run into an issue with the naming of the HTTP header. For a quick cross-check, can you add “sg_tenant” (with an underscore) to the whitelist:

elasticsearch.requestHeadersWhitelist: ["sgtenant", "sg_tenant", "Authorization"]

and try to use sg_tenant in your call curl? This is just a guess but would help to eliminate that particular issue from the list.

Hello @jkressin, thank you for your reply.

Unfortunately additional header doesnt help.
ES version - 6.6.0
Kibana version - 6.6.0

Maybe I missed something in configs or request params?

To me, the config and the request parameters look good.

Here’s a sample call from one of our integration tests:

curl --insecure -Ss -u admin:admin -H 'Content-Type: application/json' -H "kbn-xsrf: true" -H "sg_tenant: adm_tenant" -XPOST "" -d "@../resources/kibana/index-pattern.json"

which works fine here. Can you check if your call looks the same?

If this does not help I will need to try to recreate the issue on one of our staging systems.

Unfortunately your example wasnt success…

I do next follow:

  1. Create new role via sg roles api [PUT] "/roles/test" (test is name of tole)

     "cluster": ['CLUSTER_COMPOSITE_OPS'],
     "indices" : [
         "my_index" : {
             "*" : "READ"
     "tenants" : {
       "my_tenant" : "RW"
  2. Create role mapping [PUT] /rolesmapping/test

"backendroles" : [ "test" ],
  1. Create user [PUT] internalusers/user
  "password": "admin",
  "roles": ["role", "test"]
  1. Create index pattern with params as I described in a message before (with sgtenant “my_tenant”).

So, can you recreate issue on staging system, please?

Here response from server from previous tests:

Unfortunately I was not able to reproduce the issue. I followed the steps you provided, but the index pattern was correctly created in the tenant.

To further analyse:

Can you please provide the exact API curl call, including the returned JSON from Kibana, like:


curl --insecure -Ss -u admin:admin -H 'Content-Type: application/json' -H "kbn-xsrf: true" -H "sg_tenant: admin_tenant" -XPOST "" -d '
        "attributes" : {
            "title" : "my_index"


	"type": "index-pattern",
	"id": "myid123",
	"attributes": {
		"title": "my_index"
	"migrationVersion": {
		"index-pattern": "6.5.0"
	"updated_at": "2019-04-07T18:41:03.186Z",
	"version": 1

Also, you please set the loglevel on Elasticsearch to debug:

Then, please issue the curl API call and post the log output here.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.