I am using kibana security plugin 1.9.0 and have enabled multitenancy. I need to know what is minimum required set of permission to view/use global tenant and also have access to security tab to update/add security configuration like roles/tenants/users etc.
Please check and let me know.
Thanks in advance.
@Pratiksha
I’m not sure if these are indeed the minimum requirements but see below:
view/use global tenant → add kibana_user to the backend role of user.
update/add security configuration → You can create a new role eg “security_role” and add it to: opendistro_security.restapi.roles_enabled: ["all_access", "security_role"]
You can then use below to select which access this given:
restapi.endpoints_disabled.<role>.<endpoint>: ["<method>",...]
eg.
opendistro_security.restapi.endpoints_disabled.testRole1.ROLES: ["PUT", "POST", "DELETE"]
Possible values for endpoint are:
ACTIONGROUPS
ROLES
ROLESMAPPING
INTERNALUSERS
TENANTS
CONFIG
CACHE
LICENSE
SYSTEMINFO
Possible values for then method are:
GET
PUT
POST
DELETE
I’ve only tested ROLES with 1.9.0 and it works.
Hope this helps