Tenants - Private and Global



We’ve experimented a bit with the multitenancy feature of opendistro and we like it so far.
However, i cannot find anywhere what the “private” and “global” tenants are?

Also, is it possible to restrict a user to only one tenant, therefore not even showing the user other tenants such as Private and Global? Therefore “auto” signing into the one tenant that the user has access to?


Hello Victor !
About the user to restrict him to one tenant you can do it by just giving him rights on the tenant.
In the “Roles” Tab :

And in “Tenants” Tab, add your custom tenant name, with rights Read&Write if you want the user to be able to save Visualizations, Search, Dashboards. Read&Only for just reading rights.

Don’t forget to create the appropriate “Role mappings”, map the role to the user.

About disabling the Private and Global tenants, I only know how to disable it globally.
In /etc/kibana.yml, you have to add these lines :

opendistro_security.multitenancy.tenants.enable_private: false
opendistro_security.multitenancy.tenants.enable_global: false

Global is a tenant that is shared by all users.
Private is private to each users.

Hope I helped and answered your questions.


1 Like

That is great news, thank you for the quick reply.

Do you know if there is a way to restrict kibana in a way so that the regular users only see the Discover tab and the admins see everything else? Like Management etc?


First you can try the “Read Only” role for the Tenant in the Tenant tab.

This will remove the Management tab for the user and remove the rights to create visualizations.

You can also remove globally the “DevTools” and “Timelion”.
In /etc/kibana.yml, add these lines :

timelion.enabled: false
console.enabled: false

Kibana will take more times to restart.

You can also check the kibana_read_only role (I didn’t try it)

I don’t know if it’s possible to restrict an user to “Discover” only.


1 Like