I’ve several SG user groups - part of them have access to domain01Tenant and part of them to domain02Tenant respectively. 2 group are read only according to kibana.yml : searchguard.readonly_mode.roles: ["sg_domain01Users", "sg_domain02Users", ...]
When I log into Kibana with credentials from userDomain01 which belongs to sg_domain01Users group I can see Dashboard and Tenants options, as expected. So why I can see/select domain02Tenant and Globa tenant from Tenants list? How to restrict their access to domain01Tenant only?
Self-solved 
In kibana.yml:
searchguard.multitenancy.tenants.enable_global: false searchguard.multitenancy.tenants.enable_private: false
and 2 kibana’s restarts solved it. searchguard.readonly_mode.roles has nothing in common.
W dniu czwartek, 14 czerwca 2018 13:09:06 UTC+2 użytkownik Lech Szczecinski napisał:
···
- Search Guard and Elasticsearch version : 6.2.4 Enterprise demo
- JVM version: 8 upd 171 (build 1.8.0_171-b11) ; operating system: Win 10
I’ve several SG user groups - part of them have access to domain01Tenant and part of them to domain02Tenant respectively. 2 group are read only according to kibana.yml : searchguard.readonly_mode.roles: ["sg_domain01Users", "sg_domain02Users", ...]
When I log into Kibana with credentials from userDomain01 which belongs to sg_domain01Users group I can see Dashboard and Tenants options, as expected. So why I can see/select domain02Tenant and Globa tenant from Tenants list? How to restrict their access to domain01Tenant only?