Hi,
I’m creating a lot of users (thousands) for my application, using the API:
PUT /_opendistro/_security/api/internalusers/epm_web
I want to know if there is any limitation to the number of users?
If yes, is it configurable?
Thank you,
Ori.
There is no limit on internal user. But can you explain why are creating so much users?
Do they need to access Kibana behind OD security?
Thanks @aparo ,
The users don’t need to access Kibana. They are only used for search operations (REST endpoints of our application).
The reason of creating so many users is because our system is multi-tenant.
We create a user per tenant and link it to a role with DLS policy. So each tenant user can only see documents belong to its tenant according to user attribute and DLS.
Role example:
{
"cluster_permissions": [
"cluster:monitor/health"
],
"index_permissions": [{
"index_patterns": [
"events-*"
],
"dls": "{\"term\": { \"tenantId.keyword\": \"${attr.internal.tenantId}\"}}",
"fls": [],
"masked_fields": [],
"allowed_actions": [
"search",
"get"
]
}],
"tenant_permissions": []
}
Therefore, when we implement a REST endpoint, the flow is:
- Extract the tenantId from JWT
- When calling Elasticsearch, change the request credentials (HTTP Interceptor, HTTP Basic Auth) to use the tenant-specific user.
I must mention also that we’re using AWS Elasticsearch and we don’t have the control over the internal elasticsearch.yml file (to configure JWT).
Regards,
Ori.
That’s ok.
Because in case on Kibana multitenancy, you are creating one or more indices for single user for small documents (kibana ones) and it’s a waste of resources.