I am feeling clueless and would really appreciate advice here. I am setting up firewall log indices in Elasticsearch for different customers.
Let's say for customer one it is us-firewall-cust1-*, for another it is ny-firewall-cust2-*, and for a third it is uk-firewall-cust3.
I need complete multi-tenancy here, so that cust1, logging in with his credentials, should not even be able to see any logs for ny-firewall-cust2 or have access to any of the dashboards.
Nor should he come to know the tenants created in Kibana.
Can someone please point me to any documentation on this?
Create an internal user (if you are not using external authentication).
Switch to the new tenant.
Create index pattern us-firewall-cust1-* in the new tenant.
Create a role and assign index permissions: .kibana* - read, delete, index, manage (to grant the user access to Kibana functions), us-firewall-cust1-* - search (to grant the user search access to his own indices). You do not need to assign any cluster permissions. Assign tenant permissions to the corresponding tenant created in step 1.
Add the user to the role in the Mapped Users tab.
Log in as the user and switch to the newly created tenant (by default the user is logged in to his own private tenant). Go to Discover and see the logs from the us-firewall-cust1-* indexes.
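The steps above, written out as the security-plugin documents they produce, plus a small offline check that the resulting roles really keep each customer on his own indices. This is an added example, not code from the thread or from the plugin's own code base. It assumes the Open Distro Security plugin's REST API under /_opendistro/_security/api (the thread names no API), uses exactly the permissions listed in the answer (.kibana* with read, delete, index, manage; the customer's own pattern with search; no cluster permissions; tenant permission on the customer's tenant), and makes up the names cust1_tenant, cust1_role and cust1_user; the wildcard on uk-firewall-cust3-* is also an assumption, since the question writes that pattern without one.

```python
"""Per-customer Kibana tenant, role and user definitions with an isolation check.

Added example, not code from the thread. It assumes the Open Distro Security
plugin's REST API under /_opendistro/_security/api (the thread names no API)
and uses the permissions quoted in the answer above: .kibana* -> read, delete,
index, manage; the customer's own indices -> search; no cluster permissions.
Tenant, role and user names (cust1_tenant, cust1_role, cust1_user) are made up.
"""
import fnmatch
import json

# Customer -> firewall index pattern, from the question. The third pattern is
# given there without a wildcard; the trailing "-*" is an assumption here.
CUSTOMERS = {
    "cust1": "us-firewall-cust1-*",
    "cust2": "ny-firewall-cust2-*",
    "cust3": "uk-firewall-cust3-*",
}

API_BASE = "/_opendistro/_security/api"  # assumed plugin path


def role_body(customer):
    """Role document: Kibana access plus search on the customer's own indices only."""
    return {
        "cluster_permissions": [],  # none needed, as the answer says
        "index_permissions": [
            {"index_patterns": [".kibana*"],
             "allowed_actions": ["read", "delete", "index", "manage"]},
            {"index_patterns": [CUSTOMERS[customer]],
             "allowed_actions": ["search"]},
        ],
        "tenant_permissions": [
            {"tenant_patterns": [f"{customer}_tenant"],
             "allowed_actions": ["kibana_all_write"]},
        ],
    }


def security_requests(customer, password):
    """(method, path, body) triples that create tenant, user, role and mapping."""
    tenant, role, user = f"{customer}_tenant", f"{customer}_role", f"{customer}_user"
    return [
        ("PUT", f"{API_BASE}/tenants/{tenant}",
         {"description": f"Kibana tenant for {customer}"}),
        ("PUT", f"{API_BASE}/internalusers/{user}",
         {"password": password, "backend_roles": [], "attributes": {}}),
        ("PUT", f"{API_BASE}/roles/{role}", role_body(customer)),
        ("PUT", f"{API_BASE}/rolesmapping/{role}", {"users": [user]}),
    ]


def allowed_actions(role, index_name):
    """Set of index actions the role grants on one concrete index name."""
    actions = set()
    for perm in role["index_permissions"]:
        if any(fnmatch.fnmatchcase(index_name, p) for p in perm["index_patterns"]):
            actions.update(perm["allowed_actions"])
    return actions


def audit_isolation(roles):
    """Check that each customer's role reaches no other customer's indices.

    `roles` maps customer -> role document. Returns (customer, index) pairs
    where the role grants any action on another customer's index; an empty
    list means the tenants are isolated at the index level.
    """
    violations = []
    for customer, role in roles.items():
        for other, pattern in CUSTOMERS.items():
            if other == customer:
                continue
            # Constructed sample index name, e.g. ny-firewall-cust2-2024.01.01
            sample = pattern.replace("*", "2024.01.01")
            if allowed_actions(role, sample):
                violations.append((customer, sample))
    return violations


if __name__ == "__main__":
    roles = {c: role_body(c) for c in CUSTOMERS}
    print("isolation violations:", audit_isolation(roles))  # expected: []
    for method, path, body in security_requests("cust1", "<set-a-real-password>"):
        print(method, path, json.dumps(body))
```

The audit matters because a wider index pattern in one role (say `*-firewall-*` instead of the customer's own prefix) silently grants search on every customer's logs while Kibana itself still looks tenant-separated; running `audit_isolation` over the generated roles before applying them catches that.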
Pumped test data and saw that the data is generated in the dmi-* index [this is done with the admin user].
I then created the dmi-* index with the admin user. [Do I need to create the index with the admin user or dmiuser?]
Try to use your admin account, switch to ‘dmitenant’ (as admin) and create the index pattern. After that the dmitenant user will see it. (If you followed my steps, then your user only has rights to search your dmi* indexes.)
The permissions I mentioned earlier do not allow creating indices. You may adjust them, but I don't know what permissions need to be added. Indices, visualizations, queries, dashboards etc. are made per tenant. If you do not want to grant too many permissions to users, do it yourself as admin.