Multi-tenancy for different indices

Hi Team,

I am feeling clueless and would really appreciate advice here. I am setting up firewall log indices in Elasticsearch for different customers.
Let's say customer one is us-firewall-cust1-*, another is ny-firewall-cust2-*, and a third is uk-firewall-cust3.
I need complete multi-tenancy here, so that cust1 logging in with his creds should not even be able to see any logs for ny-firewall-cust2 or have access to any of the dashboards.

Neither should he come to know of the tenants created in Kibana.

Can someone please guide me to any documentation here, please?

TIA
Blason R

Here you go: Kibana Multi-Tenancy - Open Distro Documentation

Correct - I went through this config, however I am wondering if GUI options are possible instead of fiddling with config.yml.

You may do the same using the GUI:

  1. Create tenant
  2. Create internal user (if you are not using external authentication)
  3. Switch to new tenant
  4. Create index pattern us-firewall-cust1-* in new tenant.
  5. Create role, assign index permissions: .kibana* - read, delete, index, manage (to grant user Kibana functions access), us-firewall-cust1-* - search (to grant user access to own indices for search). You do not need to assign any cluster permissions. Assign tenant permissions to the corresponding tenant created in step 1.
  6. Add user to the role in Mapped Users tab
  7. Log in as user and switch to the newly created tenant (by default the user is logged in to his own private tenant). Go to Discover and see logs from us-firewall-cust1-* indexes
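
The GUI steps above can also be driven through the Open Distro security REST API. This is an added example, not part of the original thread: it builds the request bodies for steps 1, 2, 5 and 6 per customer and checks that no customer's role matches another customer's indices. The tenant, role and user names, the placeholder password, the read-only `kibana_all_read` tenant permission and the sample index names are assumptions.

```python
from fnmatch import fnmatchcase

API = "_opendistro/_security/api"  # Open Distro security REST API prefix

# Constructed input: the index patterns named in the question.
CUSTOMERS = {
    "cust1": "us-firewall-cust1-*",
    "cust2": "ny-firewall-cust2-*",
    "cust3": "uk-firewall-cust3",
}

def build_requests(customer, pattern):
    """Return (method, path, body) tuples mirroring GUI steps 1, 2, 5 and 6."""
    # Hypothetical naming scheme for tenant, role and user.
    tenant, role, user = (f"{customer}-{kind}" for kind in ("tenant", "role", "user"))
    role_body = {
        "cluster_permissions": [],  # step 5: no cluster permissions needed
        "index_permissions": [
            {"index_patterns": [".kibana*"],
             "allowed_actions": ["read", "delete", "index", "manage"]},
            {"index_patterns": [pattern], "allowed_actions": ["search"]},
        ],
        # Assumption: read-only tenant access; the admin creates index patterns.
        "tenant_permissions": [
            {"tenant_patterns": [tenant], "allowed_actions": ["kibana_all_read"]},
        ],
    }
    return [
        ("PUT", f"{API}/tenants/{tenant}", {"description": f"Tenant for {customer}"}),
        ("PUT", f"{API}/internalusers/{user}", {"password": "<placeholder>"}),
        ("PUT", f"{API}/roles/{role}", role_body),
        ("PUT", f"{API}/rolesmapping/{role}", {"users": [user]}),
    ]

def isolation_violations(customers):
    """Return (customer, foreign_index) pairs where a role reaches another customer's index."""
    violations = []
    for cust, pattern in customers.items():
        role_body = build_requests(cust, pattern)[2][2]
        granted = [p for perm in role_body["index_permissions"] for p in perm["index_patterns"]]
        for other, other_pattern in customers.items():
            # Constructed index name that the other customer's pattern would hold.
            foreign = other_pattern.replace("*", "2024.01.01")
            if other != cust and any(fnmatchcase(foreign, g) for g in granted):
                violations.append((cust, foreign))
    return violations

if __name__ == "__main__":
    for method, path, body in build_requests("cust1", CUSTOMERS["cust1"]):
        print(method, path, body)
    print("violations:", isolation_violations(CUSTOMERS))
```

An empty violations list means each role's index patterns stay inside its own customer's naming prefix; a shared wildcard such as `*-firewall-*` would be reported.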

Awesome man!! and much much appreciated. Let me try doing that.

Thanks again.

Unfortunately this is what I am getting. I followed the instructions.
Am I missing anything?

Application Not Found

No application was found at this URL. Try going back or choosing an app from the menu.

At what step did you get this error? What version are you running?

Hi there,

Here are the steps I followed, and then I get the error which I described below.
Take an example here: my data is coming in dmi-*

I created the internal user dmiuser.
Created the tenant dmitenant.

Created role

With appropriate Tenant permission

Then mapped user

Pumped test data and see the data is generated in the dmi-* index [This is done with admin user]
I then created the dmi-* index with admin user. [Do I need to create the index with admin user or dmiuser?]

Now logged in with dmiuser and opted for dmitenant

Now here, do I need to create the index again? Because nothing is appearing here.

This is with dmiuser

And then this issue :frowning:

Am I doing anything wrong? Please advise

TIA
Blason R

Try to use your admin account, switch to ‘dmitenant’ (as admin) and create the index pattern. After that you will see it as the dmitenant user. (If you followed my steps then your user only has rights to search your dmi* indexes)

I see, so indices have to be created using the admin account by changing to dmitenant?

The permissions I mentioned earlier do not allow creating indices. You may adjust them but I don’t know what permissions need to be added. Indices, visualizations, queries, dashboards etc. are made per tenant. If you do not want to grant too many permissions to users - do it yourself as admin.

Agree and that has resolved the issue!! Thanks for the help man.