Disable the tenants selection for a users that have access to a single tenant

ogulman · November 30, 2023, 5:37pm

OpenSearch 2.11.0
Hi community. I would like to have possibility of allowing users to see only a tenant which they have access to.
For example a have users with a backend role user, i create a role with cluster_composite_ops_ro and cluster_monitor cluster permissions and tenant global_tenant and map user as a backend role. Also I add backend role user to kibana_read_only.
When I login with my user I see:

Welcome page
Introducing new OpenSearch Dashboards look & feel
Tenant selection page where I have only one Global_tenant availiable.

My goal is to be forwarded to dashboards page of a tenant that this user has access avoiding pop ups and tenant selection.

opensearch/config.yml

config:
 dynamic:
#   opensearch-dashboards:
   kibana:
      multitenancy_enabled: true
      private_tenant_enabled: false
      default_tenant: global_tenant
      server_username: kibanaserver
      index: '.kibana'
   do_not_fail_on_forbidden: true

dashboard/opensearch_dashboards.yml

opensearch_security.multitenancy.enabled: true
#opendistro_security.multitenancy.tenants.enable_global: true
opensearch_security.multitenancy.tenants.enable_private: false
opensearch_security.multitenancy.tenants.preferred: ["Global"]
opensearch_security.readonly_mode.roles: [kibana_read_only]

In OpenDistro the users that have access only to a single tenant was forwarded directly to this tenant.
Did I miss something in configuration?

ogulman · December 1, 2023, 8:34pm

By changing default route to dashboards, adding data and replacing global_tenant → Global

config:
 dynamic:
#   opensearch-dashboards:
   kibana:
      multitenancy_enabled: true
      private_tenant_enabled: false
      default_tenant: Global
      server_username: kibanaserver
      index: '.kibana'
   do_not_fail_on_forbidden: true

When I login with my account I see:

After clicking Confirm I’m redirected to dashboards page witch is what is what I would like to have, but still would like to avoid to showing the tenant selection if that is some how possible.
In OpenDistro as I already said users that have access only to one tenant aren’t asked to choose a tenant.

Mantas · December 4, 2023, 11:08am

Hi @ogulman,

You can choose a default tenant in your OpenSearch Dashboards Security/Tenants [Configure (tab)]:

This will allow you to default all users to a selected tenant when they log in for the first time.

Let me know if you have any further questions.

Best,
Mantas

ogulman · December 4, 2023, 1:11pm

Hi Mantas,
I have set Global tenant as default:

   kibana:
      multitenancy_enabled: true
      private_tenant_enabled: false
      default_tenant: Global

but users who had access only to Global still asking to select a tenant on a first login:

Mantas · December 6, 2023, 5:21pm

I am experiencing the same behaviour in my lab too. I can’t seem to find any workaround either.
You can file it here: Issues · opensearch-project/OpenSearch-Dashboards · GitHub

Cheers,
Mantas

Topic		Replies	Views
How to disable the private tenant in the dashboard Security configure	6	1411	September 27, 2022
Not able to disable global tenant in opensearch OpenSearch	13	314	January 23, 2024
Read only role on multitenant Opensearch Dashboards OpenSearch Dashboards	4	10	October 31, 2024
Dashboard Only & Tenancy in 1.3 Security	6	1195	April 19, 2021
Restrict user(s) to a tenant Security	1	637	November 29, 2021

Disable the tenants selection for a users that have access to a single tenant

Related Topics