Hi everyone,
I have several tenants on my cluster :
custom_tenant_1 (for user_1)
custom_tenant_2 (for user_1)
global_tenant
private_tenant
I also have 2 users :
These users can access to their tenants with the right index, but I don’ know how to deny access on the global tenant…
Someone have an idea ?
Sorry for my bad english…
Thanks you all 
Simon
@simonverbois What other roles are the users in question being mapped to?
The access to global tenant is included in kibana_user role, if you remove this role_mapping and provide the necessary access via the custom roles, this should fix the issue you are having.
Hi Anthony,
Thank you for your reply,
I have only 2 roles on my users:
My final objectif is the creation of an user who have full access on his private tenant (I would like it to be able to create its own index based on that of the custom tenant) and read access on a custom tenant (he can also create some items, like dashboard, saved search, etc.)
I gonna try your solution,
Thanks
Simon
Finally I have fix this,
I have create a backend role with my custom role, and i have remove kibanauser backend.
In my custom i have add : read, manger and index permissions
and also : cluster_composite_ops on cluster permissions
Thanks you