Saidose
February 18, 2023, 7:10pm
1
Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Describe the issue :
I have a hefty amount of index patterns in my setup and now I want to separate access to these indices between teams, yet I can’t figure out a way to make it user friendly.
For example:
I have default index pattern “all” which gives an error and “index*” which shows data as expected from given rule
Can I make it so for certain group index pattern “index*” will be default and for other groups for example “index2*” “index3*” etc. ?
I figured tenants should have some practical use but i can’t find any infromaton on this issue.
pablo
February 27, 2023, 6:47pm
2
@Saidose You need to create separate Tenants where you create desired index patterns. Then assign access to the Tenants with the role.
Saidose
February 27, 2023, 8:08pm
3
@pablo Thanks for you answer and time!
pablo
February 27, 2023, 8:28pm
4
@Saidose You shouldn’t.
When you run the below command in Dev Tool, do you get more than one .kibana index?
Could you share your opensearch_dashboards.yml and config.yml files?
Saidose
February 28, 2023, 7:01am
5
@pablo Yes, I’ll always see patterns from Global
What command?
This is my setup for dashboards security plugin in config.yml:
server.port: 5601
pablo
February 28, 2023, 8:47am
6
@Saidose I forgot to add the command.
GET _cat/indices
The output you’ve posted is from openseach_dashboards.yml. Could you also share config.yml? It is located in the OpenSearch node.
pablo
February 28, 2023, 9:03am
7
@Saidose Take a look at the documentation.
Multitenancy must be enabled in OpenSearch (config.yml) and OpenSeach Dashboards (opensearch_dashboards.yml).
I’ve reproduced your scenario with multitenancy disabled in config.yml.
Saidose
February 28, 2023, 9:07am
8
@pablo yeah sorry, mistook config.yml for dashboards.yml
The output for the command gives one index:
As for config.yml
_meta:
type: "config"
config_version: 2
config:
dynamic:
authc:
basic_internal_auth_domain:
http_enabled: true
transport_enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: internal
ldap:
http_enabled: true
transport_enabled: false
order: 1
http_authenticator:
type: basic
challenge: true
authentication_backend:
type: ldap
config:
enable_ssl: true
enable_start_tls: false
enable_ssl_client_auth: false
verify_hostnames: false
pemtrustedcas_filepath: *example*
hosts:
- *example*
bind_dn: *example*
password: *example*
users:
primary-userbase:
base: *example*
search: *example*
secondary-userbase:
base: *example*
search: *example*
username_attribute: *example*
connect_timeout: 5000
response_timeout: 0
authz:
ldap:
http_enabled: true
transport_enabled: true
authorization_backend:
type: ldap
config:
enable_ssl: true
enable_start_tls: false
enable_ssl_client_auth: false
verify_hostnames: false
pemtrustedcas_filepath: *example*
hosts:
- *example*
bind_dn: *example*
password: *example*
users:
primary-userbase:
base: *example*
search: *example*
secondary-userbase:
base: *example*
search: *example*
username_attribute: *example*
rolebase: *example*
rolesearch: *example*
userroleattribute: null
userrolename: none
rolename: *example*
resolve_nested_roles: true
Are you talking about this security config.yaml? I modified it not to include sensitive data
Saidose
February 28, 2023, 9:12am
9
I see, I’ll try to include it in config.yaml in test environment and get back to you with results, thank you very much. It seems I’ve missed a crucial detail whilst being in a rush!
