We are working on a solution. I will try to explain it more detailed and the partial solution we have done.
We have a Django application in which you can analyze projects. The results of the analysis are stored in ODFE. In order to show a dashboard for each project, in ODFE Kibana, we have created users with READ access only to the documents of a specific project.
When a user wants to see the dashboard of one project, we authenticate him/her with JWT in Kibana and he/she can play with the data. Our problem is sharing the dashboards created by that user.
Our current approach is that for each Dashboard/Project we have two users with the same DLS access over the indices
- The first user has R/W access to the dashboard (tenant)
- The second user has RO access
This way we have two URLs, one for the user, and another one that is shared.
This is not exactly what we want. Our goal is if an anonymous user tries to view a specific dashboard/tenant (without JWT) with the same DLS permissions, he maybe gets authenticated and can see the dashboard with RO access.
We think that changes to ODFE are needed, but we want to make sure that there isn’t anyway to resolve this problem.
All kind of commentaries are welcome.