Multi-tenant dashboards in iframe

Hi guys, we are utilizing jwt token to by pass signin when embedding opensearch dashboards in iframe in our website. When embedding the dashboard, can we

  1. Automatically select the tenant used
  2. Prevent user from switching tenant, as datasets belonging to other clients are under other tenants in the same domain?

Thank you.

Hi @zhan2819,

Yes, I do believe that is achievable on both points.
On point #1, you could set the "default_tenant" : "Private" more info here. So then the user (JWT in your case) gets authorized it will get to the tenancy base on the roles:
i.e:

{
  "iss": "example.com",
  "exp": 1300819380,
  "name": "John",
  "roles": "john_role"
}
john_role:
 reserved: false
 hidden: false
 cluster_permissions:
..
 index_permissions:
 - index_patterns:
..
 tenant_permissions:
 - tenant_patterns:
   - "John"
   allowed_actions:
   - "level of permissions needed"
 static: false
_meta:
 type: "roles"
 config_version: 2

And on point #2 you can disable the Global_tenant so that the user in this case “john” can only access private tenancy (defined in the roles mapped to the user):


opendistro_security.multitenancy.tenants.enable_global: false

Best,
mj

1 Like