But I did not find out how to move an existing index to this tenant, so only the role with access to that tenant can actually access the index with tenant_name.
Also: How can I specify from the log sending part (data-prepper) to which index/tenant the data should be sent?
2. Principle of least privilege
I do have a role, which is used within the example above:
By using the Discover tab, that role is only able to access and see data inside the index with the name g_63_*, as this is the main purpose for this role. But it also sees other indexes, without being able to access them, as a Forbidden message is appearing. (I’m still confused btw. that I have to use .kibana to make the view possible for this role, I guess it is a migration “feature”)
Is it possible to not display/hide the other indexes for this role? (This is also something I wanted to achieve by using tenants)
Also: Is it possible for that role to not display all the others: Observability/OpenSearch Plugins/Management? I would love to have that in e.g. a config as I’m stateless, and I do not want to configure it again when setting up docker-compose.
@B3n As per documentation, tenants are designed to separate OpenSearch Dashboards objects i.e. dashboards, visualisations, index patterns etc.
Tenants do not control access to OpenSearch indexes. This is controlled by security roles.
OpenSearch indices can’t be assigned to OpenSearch Dashboards tenants.
If the user has two tenants assigned in a single role with the index permission, that index permission will affect both tenants. The same applies if the user has two separate roles, one for each tenant. The index permissions in all those roles would apply to all assigned tenants.
The .kibana index is a leftover from OpenDistro, which was based on Elasticsearch and Kibana. This doesn’t affect the functionality of OpenSearch in any way; it is only a cosmetic issue.
Have you tried to use do_not_fail_on_forbidden?
The current security plugin can’t control other modules’ appearance in the OpenSearch Dashboards. The only available option that can limit the OpenSearch Dashboards view is opensearch_security.readonly_mode.roles. This must be set in the opensearch_dashboards.yml file.
But it seems like when I’m using opensearch_security.readonly_mode.roles with that role, I can add index permissions/cluster_permissions as much as I want, it will only show the Dashboard or e.g. the screenshot you’ve posted. The Discover tab is not being shown.
What do you mean by other indices? Do you mean all indices starting with g_63_ or all remaining indices in the cluster?
I mean all the remaining indices. As for example I have different sources where I’m getting data from data-prepper and I want to separate each of them.
Data-Prepper client (dedicated virtual machine) sends logs to index: g_63_dev_logs
Data-Prepper client (dedicated virtual machine) sends logs to index: g_53_dev_logs
and so on. So my plan is to have the role g_63_read_only only be able to see the Discover and to access the data inside g_63_dev_logs.
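The two settings discussed in this thread, written as security plugin config files so they survive a stateless docker-compose rebuild. This is an added example, not configuration posted by anyone in the thread; the role name and index pattern come from the posts above, while the file layout and the use of the built-in `read` action group are assumptions.

```yaml
# ---------- roles.yml (security plugin) ----------
_meta:
  type: "roles"
  config_version: 2

# Role name and index pattern as given in the thread.
g_63_read_only:
  reserved: false
  cluster_permissions: []      # a read-only viewer needs no cluster-level rights
  index_permissions:
    - index_patterns:
        - "g_63_*"             # matches g_63_dev_logs, but not g_53_dev_logs
      allowed_actions:
        - "read"               # built-in action group: search/get only, no writes
  # No tenant_permissions here on purpose: as stated in the thread, tenants
  # only separate Dashboards saved objects and do not grant or restrict
  # access to indices. Index access is decided by index_permissions alone.

---
# ---------- config.yml (security plugin) ----------
_meta:
  type: "config"
  config_version: 2

config:
  dynamic:
    # When a request (for example a wildcard search) touches indices the
    # role has no permission for, drop those indices from the request and
    # return results for the permitted ones instead of a Forbidden error.
    do_not_fail_on_forbidden: true
```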