How can I remove access permission to global tenant for an user?

Hi everyone,

I have several tenants on my cluster :

  • custom_tenant_1 (for user_1)

  • custom_tenant_2 (for user_1)

  • global_tenant

  • private_tenant

I also have 2 users :

  • user_1
  • user_2

These users can access to their tenants with the right index, but I don’ know how to deny access on the global tenant…
Someone have an idea ?

Sorry for my bad english…

Thanks you all :stuck_out_tongue:

@simonverbois What other roles are the users in question being mapped to?

The access to global tenant is included in kibana_user role, if you remove this role_mapping and provide the necessary access via the custom roles, this should fix the issue you are having.

Hi Anthony,

Thank you for your reply,

I have only 2 roles on my users:

  • A custom role who assign to an user read permission on is tenant (this tenant allow a read access to a specific index)
  • And a bakend role, kibanauser

My final objectif is the creation of an user who have full access on his private tenant (I would like it to be able to create its own index based on that of the custom tenant) and read access on a custom tenant (he can also create some items, like dashboard, saved search, etc.)

I gonna try your solution,


Finally I have fix this,

I have create a backend role with my custom role, and i have remove kibanauser backend.

In my custom i have add : read, manger and index permissions
and also : cluster_composite_ops on cluster permissions

Thanks you